govuk_app_config 1.19.0 → 1.20.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6d37e912e97b61b2e44e7426227dec0d41ba54f038d0c699bc211fdaf16a0d78
-  data.tar.gz: ee89d83862262cedf567af94127caee6742418442a510a801e319a97af68d8e7
+  metadata.gz: 835a2266696c7d95ca1e986e01361d08c7ada615f9ca5de5380c8b1a0f75778c
+  data.tar.gz: ff9421aa81df71f3ed5c71676e247816ce72362cf7e78931dfe02b385b709f11
 SHA512:
-  metadata.gz: f33fd6b8fa2860522faaf3bc0b98464060bf38f66844c81ba93e71d98cc0f10e7dd15f6dd70384ee49b8b644ca82816b7a53fd4f5310807f7582bc073d15a28d
-  data.tar.gz: f9a936b6ef4d608aa7de868b4eeb933c5f98301f8f7fa9d0397dcbc454bde939a1e4f0b624e5739461b042f3adac0bba1526d291f96bd806c6b9996d0c7084a5
+  metadata.gz: 27c781bd285e5a39d4cd4fdff347589e39e646bbb36881f3f147bfc4461250d5c3c2c2b5e79daead39f42af25d7de0812e6d389142456b6ff3159eb16749f6a9
+  data.tar.gz: 5408fc6e77e8725d74c0e181061c82fedb90f84fa35616e5ce0bc6deca50a82248081041111db6523d28597d220c8e0e14e377b0832e0ad058ba5b0f842a4710

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+# 1.20.0
+
+* Fix CSP in development
+* Add `youtube-nocookie.com` to consent security policy
+* Update dependencies
+* Update error reporting code
+
 # 1.19.0
 
 * Use `GOVUK_CSP_REPORT_ONLY` and `GOVUK_CSP_REPORT_URI` to configure

data/README.md

@@ -119,8 +119,8 @@ logs to `STDOUT` and unstructed logs to `STDERR`.
 ## Content Security Policy generation
 
 For frontend apps, configuration can be added to generate and serve a
-content security policy header. The policy is report only when the Rails
-environment is set to "production", and enforced otherwise.
+content security policy header. The policy is report only when the
+environment variable `GOVUK_CSP_REPORT_ONLY` is set, and enforced otherwise.
 
 To enable this feature, create a file at `config/initializers/csp.rb` in the
 app with the following content:

data/govuk_app_config.gemspec

@@ -23,15 +23,15 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "aws-xray-sdk", "~> 0.10.0"
   spec.add_dependency "statsd-ruby", "~> 1.4.0"
-  spec.add_dependency "logstasher", "~> 1.2.2"
-  spec.add_dependency "sentry-raven", "~> 2.7.1"
-  spec.add_dependency "unicorn", "~> 5.4.0"
+  spec.add_dependency "logstasher", ">= 1.2.2", "< 1.4.0"
+  spec.add_dependency "sentry-raven", ">= 2.7.1", "< 2.10.0"
+  spec.add_dependency "unicorn", ">= 5.4", "< 5.6"
 
   spec.add_development_dependency "bundler", "~> 1.15"
   spec.add_development_dependency "rails", "~> 5"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec", "~> 3.6.0"
-  spec.add_development_dependency "rspec-its", "~> 1.2.0"
+  spec.add_development_dependency "rake", "~> 12.3"
+  spec.add_development_dependency "rspec", "~> 3.8.0"
+  spec.add_development_dependency "rspec-its", "~> 1.3.0"
   spec.add_development_dependency "climate_control"
   spec.add_development_dependency "webmock"
   spec.add_development_dependency "pry"

data/lib/govuk_app_config/configure.rb

@@ -1,23 +1,7 @@
-if defined?(Airbrake)
-  raise "This gem isn't compatible with Airbrake. Please remove it from the Gemfile."
-end
-
 GovukError.configure do |config|
-  # We're misusing the `should_capture` block here to hook into raven until
-  # there's a better way: https://github.com/getsentry/raven-ruby/pull/750
-  config.should_capture = Proc.new { |e|
+  config.before_send = Proc.new { |e|
     GovukStatsd.increment("errors_occurred")
-
-    # For backwards compatibility
-    GovukStatsd.increment("errbit.errors_occurred")
-
-    exception_class = e.respond_to?(:original_exception) ? e.original_exception.class : e.class
-    if exception_class.ancestors.any? { |c| c.name =~ /^GdsApi::(HTTPIntermittent|TimedOutException)/ }
-      GovukStatsd.increment("gds_api_adapters.errors.#{e.class.name.demodulize.underscore}")
-      false
-    else
-      true
-    end
+    GovukStatsd.increment("error_types.#{e.class.name.demodulize.underscore}")
   }
 
   config.silence_ready = !Rails.env.production? if defined?(Rails)
@@ -34,10 +18,17 @@ GovukError.configure do |config|
     'ActiveJob::DeserializationError',
     'ActiveRecord::RecordNotFound',
     'CGI::Session::CookieStore::TamperedWithCookie',
+    'GdsApi::HTTPIntermittent',
+    'GdsApi::TimedOutException',
     'Mongoid::Errors::DocumentNotFound',
     'Sinatra::NotFound',
   ]
 
+  # This will exclude exceptions that are triggered by one of the ignored
+  # exceptions. For example, when any exception occurs in a template,
+  # Rails will raise a ActionView::Template::Error, instead of the original error.
+  config.inspect_exception_causes_for_exclusion = true
+
   config.transport_failure_callback = Proc.new {
     GovukStatsd.increment("error_reports_failed")
   }

data/lib/govuk_app_config/govuk_content_security_policy.rb

@@ -10,7 +10,8 @@ module GovukContentSecurityPolicy
 
   GOVUK_DOMAINS = [
     '*.publishing.service.gov.uk',
-    "*.#{ENV['GOVUK_APP_DOMAIN_EXTERNAL'] || ENV['GOVUK_APP_DOMAIN'] || 'dev.gov.uk'}"
+    "*.#{ENV['GOVUK_APP_DOMAIN_EXTERNAL'] || ENV['GOVUK_APP_DOMAIN'] || 'dev.gov.uk'}",
+    "*.dev.gov.uk"
   ].uniq.freeze
 
   GOOGLE_ANALYTICS_DOMAINS = %w(www.google-analytics.com
@@ -38,6 +39,7 @@ module GovukContentSecurityPolicy
                       # Allow YouTube Embeds (Govspeak turns YouTube links into embeds)
                       "*.ytimg.com",
                       "www.youtube.com",
+                      "www.youtube-nocookie.com",
                       # Allow all inline scripts until we can conclusively
                       # document all the inline scripts we use,
                       # and there's a better way to filter out junk reports
@@ -69,7 +71,7 @@ module GovukContentSecurityPolicy
     policy.object_src :none
 
     # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
-    policy.frame_src :self, *GOVUK_DOMAINS, "www.youtube.com" # Allow youtube embeds
+    policy.frame_src :self, *GOVUK_DOMAINS, "www.youtube.com", "www.youtube-nocookie.com" # Allow youtube embeds
 
     policy.report_uri ENV["GOVUK_CSP_REPORT_URI"] if ENV.include?("GOVUK_CSP_REPORT_URI")
   end

data/lib/govuk_app_config/version.rb

@@ -1,3 +1,3 @@
 module GovukAppConfig
-  VERSION = "1.19.0"
+  VERSION = "1.20.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: govuk_app_config
 version: !ruby/object:Gem::Version
-  version: 1.19.0
+  version: 1.20.0
 platform: ruby
 authors:
 - GOV.UK Dev
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-06-12 00:00:00.000000000 Z
+date: 2019-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-xray-sdk
@@ -42,44 +42,62 @@ dependencies:
   name: logstasher
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.2.2
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 1.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.2.2
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 1.4.0
 - !ruby/object:Gem::Dependency
   name: sentry-raven
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.7.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.10.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.7.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.10.0
 - !ruby/object:Gem::Dependency
   name: unicorn
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.4'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 5.4.0
+        version: '5.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.4'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 5.4.0
+        version: '5.6'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -114,42 +132,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.6.0
+        version: 3.8.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.6.0
+        version: 3.8.0
 - !ruby/object:Gem::Dependency
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.0
+        version: 1.3.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.0
+        version: 1.3.0
 - !ruby/object:Gem::Dependency
   name: climate_control
   requirement: !ruby/object:Gem::Requirement