govuk_app_config 1.19.0 → 1.20.0

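--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6d37e912e97b61b2e44e7426227dec0d41ba54f038d0c699bc211fdaf16a0d78
- data.tar.gz: ee89d83862262cedf567af94127caee6742418442a510a801e319a97af68d8e7
+ metadata.gz: 835a2266696c7d95ca1e986e01361d08c7ada615f9ca5de5380c8b1a0f75778c
+ data.tar.gz: ff9421aa81df71f3ed5c71676e247816ce72362cf7e78931dfe02b385b709f11
  SHA512:
- metadata.gz: f33fd6b8fa2860522faaf3bc0b98464060bf38f66844c81ba93e71d98cc0f10e7dd15f6dd70384ee49b8b644ca82816b7a53fd4f5310807f7582bc073d15a28d
- data.tar.gz: f9a936b6ef4d608aa7de868b4eeb933c5f98301f8f7fa9d0397dcbc454bde939a1e4f0b624e5739461b042f3adac0bba1526d291f96bd806c6b9996d0c7084a5
+ metadata.gz: 27c781bd285e5a39d4cd4fdff347589e39e646bbb36881f3f147bfc4461250d5c3c2c2b5e79daead39f42af25d7de0812e6d389142456b6ff3159eb16749f6a9
+ data.tar.gz: 5408fc6e77e8725d74c0e181061c82fedb90f84fa35616e5ce0bc6deca50a82248081041111db6523d28597d220c8e0e14e377b0832e0ad058ba5b0f842a4710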
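--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,10 @@
+ # 1.20.0
+
+ * Fix CSP in development
+ * Add `youtube-nocookie.com` to consent security policy
+ * Update dependencies
+ * Update error reporting code
+
  # 1.19.0
 
  * Use `GOVUK_CSP_REPORT_ONLY` and `GOVUK_CSP_REPORT_URI` to configure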
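--- a/data/README.md
+++ b/data/README.md
@@ -119,8 +119,8 @@ logs to `STDOUT` and unstructed logs to `STDERR`.
  ## Content Security Policy generation
 
  For frontend apps, configuration can be added to generate and serve a
- content security policy header. The policy is report only when the Rails
- environment is set to "production", and enforced otherwise.
+ content security policy header. The policy is report only when the
+ environment variable `GOVUK_CSP_REPORT_ONLY` is set, and enforced otherwise.
 
  To enable this feature, create a file at `config/initializers/csp.rb` in the
  app with the following content: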
@@ -23,15 +23,15 @@ Gem::Specification.new do |spec|
23
23
 
24
24
  spec.add_dependency "aws-xray-sdk", "~> 0.10.0"
25
25
  spec.add_dependency "statsd-ruby", "~> 1.4.0"
26
- spec.add_dependency "logstasher", "~> 1.2.2"
27
- spec.add_dependency "sentry-raven", "~> 2.7.1"
28
- spec.add_dependency "unicorn", "~> 5.4.0"
26
+ spec.add_dependency "logstasher", ">= 1.2.2", "< 1.4.0"
27
+ spec.add_dependency "sentry-raven", ">= 2.7.1", "< 2.10.0"
28
+ spec.add_dependency "unicorn", ">= 5.4", "< 5.6"
29
29
 
30
30
  spec.add_development_dependency "bundler", "~> 1.15"
31
31
  spec.add_development_dependency "rails", "~> 5"
32
- spec.add_development_dependency "rake", "~> 10.0"
33
- spec.add_development_dependency "rspec", "~> 3.6.0"
34
- spec.add_development_dependency "rspec-its", "~> 1.2.0"
32
+ spec.add_development_dependency "rake", "~> 12.3"
33
+ spec.add_development_dependency "rspec", "~> 3.8.0"
34
+ spec.add_development_dependency "rspec-its", "~> 1.3.0"
35
35
  spec.add_development_dependency "climate_control"
36
36
  spec.add_development_dependency "webmock"
37
37
  spec.add_development_dependency "pry"
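Review bot: The new lower bound on `sentry-raven` (`">= 2.7.1"`) still admits releases older than the ones this version's error-reporting initializer appears to need. That initializer now sets `config.before_send` and `config.inspect_exception_causes_for_exclusion`, and the comment it removes calls `should_capture` a stopgap pending an upstream change, which suggests these options arrived after the old pin. If `GovukError.configure` yields the sentry-raven configuration object (not visible here), an app that resolves to the bottom of the range would fail on an unknown setter at boot, so raise the lower bound to the first release that provides both options. The `Gem::Specification` block starts and ends outside this hunk.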
@@ -1,23 +1,7 @@
1
- if defined?(Airbrake)
2
- raise "This gem isn't compatible with Airbrake. Please remove it from the Gemfile."
3
- end
4
-
5
1
  GovukError.configure do |config|
6
- # We're misusing the `should_capture` block here to hook into raven until
7
- # there's a better way: https://github.com/getsentry/raven-ruby/pull/750
8
- config.should_capture = Proc.new { |e|
2
+ config.before_send = Proc.new { |e|
9
3
  GovukStatsd.increment("errors_occurred")
10
-
11
- # For backwards compatibility
12
- GovukStatsd.increment("errbit.errors_occurred")
13
-
14
- exception_class = e.respond_to?(:original_exception) ? e.original_exception.class : e.class
15
- if exception_class.ancestors.any? { |c| c.name =~ /^GdsApi::(HTTPIntermittent|TimedOutException)/ }
16
- GovukStatsd.increment("gds_api_adapters.errors.#{e.class.name.demodulize.underscore}")
17
- false
18
- else
19
- true
20
- end
4
+ GovukStatsd.increment("error_types.#{e.class.name.demodulize.underscore}")
21
5
  }
22
6
 
23
7
  config.silence_ready = !Rails.env.production? if defined?(Rails)
@@ -34,10 +18,17 @@ GovukError.configure do |config|
34
18
  'ActiveJob::DeserializationError',
35
19
  'ActiveRecord::RecordNotFound',
36
20
  'CGI::Session::CookieStore::TamperedWithCookie',
21
+ 'GdsApi::HTTPIntermittent',
22
+ 'GdsApi::TimedOutException',
37
23
  'Mongoid::Errors::DocumentNotFound',
38
24
  'Sinatra::NotFound',
39
25
  ]
40
26
 
27
+ # This will exclude exceptions that are triggered by one of the ignored
28
+ # exceptions. For example, when any exception occurs in a template,
29
+ # Rails will raise a ActionView::Template::Error, instead of the original error.
30
+ config.inspect_exception_causes_for_exclusion = true
31
+
41
32
  config.transport_failure_callback = Proc.new {
42
33
  GovukStatsd.increment("error_reports_failed")
43
34
  }
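Review bot: The `before_send` block in the first hunk ends on `GovukStatsd.increment("error_types.…")`, so the callback returns whatever that call returns instead of the event. sentry-raven treats the return value of `before_send` as the event to send and drops the report when it is nil, so if `GovukError.configure` passes this straight through (not visible here) error reports could be lost silently; add `e` as the last line of the block. The hook's argument is also the event object rather than the exception, so `e.class.name` would presumably produce the same `error_types.*` metric for every error; confirm what the hook receives before keying a metric on it. The `GovukError.configure` block ends outside these hunks.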
@@ -10,7 +10,8 @@ module GovukContentSecurityPolicy
10
10
 
11
11
  GOVUK_DOMAINS = [
12
12
  '*.publishing.service.gov.uk',
13
- "*.#{ENV['GOVUK_APP_DOMAIN_EXTERNAL'] || ENV['GOVUK_APP_DOMAIN'] || 'dev.gov.uk'}"
13
+ "*.#{ENV['GOVUK_APP_DOMAIN_EXTERNAL'] || ENV['GOVUK_APP_DOMAIN'] || 'dev.gov.uk'}",
14
+ "*.dev.gov.uk"
14
15
  ].uniq.freeze
15
16
 
16
17
  GOOGLE_ANALYTICS_DOMAINS = %w(www.google-analytics.com
@@ -38,6 +39,7 @@ module GovukContentSecurityPolicy
38
39
  # Allow YouTube Embeds (Govspeak turns YouTube links into embeds)
39
40
  "*.ytimg.com",
40
41
  "www.youtube.com",
42
+ "www.youtube-nocookie.com",
41
43
  # Allow all inline scripts until we can conclusively
42
44
  # document all the inline scripts we use,
43
45
  # and there's a better way to filter out junk reports
@@ -69,7 +71,7 @@ module GovukContentSecurityPolicy
69
71
  policy.object_src :none
70
72
 
71
73
  # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
72
- policy.frame_src :self, *GOVUK_DOMAINS, "www.youtube.com" # Allow youtube embeds
74
+ policy.frame_src :self, *GOVUK_DOMAINS, "www.youtube.com", "www.youtube-nocookie.com" # Allow youtube embeds
73
75
 
74
76
  policy.report_uri ENV["GOVUK_CSP_REPORT_URI"] if ENV.include?("GOVUK_CSP_REPORT_URI")
75
77
  end
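Review bot: `"*.dev.gov.uk"` is appended to `GOVUK_DOMAINS` unconditionally in the first hunk, so it becomes an allowed source in every environment, production included, and the visible `policy.frame_src` line spreads that list into the policy. The changelog describes this as a development fix, so gating the entry keeps the production allowlist as narrow as it was, for example `*("*.dev.gov.uk" unless Rails.env.production?)` inside the array literal, assuming `Rails` is loaded when this module is evaluated. The module and the policy block start and end outside these hunks, so any other directives that consume `GOVUK_DOMAINS` are not visible here and should be checked as well.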
@@ -1,3 +1,3 @@
1
1
  module GovukAppConfig
2
- VERSION = "1.19.0"
2
+ VERSION = "1.20.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: govuk_app_config
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.19.0
4
+ version: 1.20.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - GOV.UK Dev
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-06-12 00:00:00.000000000 Z
11
+ date: 2019-07-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-xray-sdk
@@ -42,44 +42,62 @@ dependencies:
42
42
  name: logstasher
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - "~>"
45
+ - - ">="
46
46
  - !ruby/object:Gem::Version
47
47
  version: 1.2.2
48
+ - - "<"
49
+ - !ruby/object:Gem::Version
50
+ version: 1.4.0
48
51
  type: :runtime
49
52
  prerelease: false
50
53
  version_requirements: !ruby/object:Gem::Requirement
51
54
  requirements:
52
- - - "~>"
55
+ - - ">="
53
56
  - !ruby/object:Gem::Version
54
57
  version: 1.2.2
58
+ - - "<"
59
+ - !ruby/object:Gem::Version
60
+ version: 1.4.0
55
61
  - !ruby/object:Gem::Dependency
56
62
  name: sentry-raven
57
63
  requirement: !ruby/object:Gem::Requirement
58
64
  requirements:
59
- - - "~>"
65
+ - - ">="
60
66
  - !ruby/object:Gem::Version
61
67
  version: 2.7.1
68
+ - - "<"
69
+ - !ruby/object:Gem::Version
70
+ version: 2.10.0
62
71
  type: :runtime
63
72
  prerelease: false
64
73
  version_requirements: !ruby/object:Gem::Requirement
65
74
  requirements:
66
- - - "~>"
75
+ - - ">="
67
76
  - !ruby/object:Gem::Version
68
77
  version: 2.7.1
78
+ - - "<"
79
+ - !ruby/object:Gem::Version
80
+ version: 2.10.0
69
81
  - !ruby/object:Gem::Dependency
70
82
  name: unicorn
71
83
  requirement: !ruby/object:Gem::Requirement
72
84
  requirements:
73
- - - "~>"
85
+ - - ">="
86
+ - !ruby/object:Gem::Version
87
+ version: '5.4'
88
+ - - "<"
74
89
  - !ruby/object:Gem::Version
75
- version: 5.4.0
90
+ version: '5.6'
76
91
  type: :runtime
77
92
  prerelease: false
78
93
  version_requirements: !ruby/object:Gem::Requirement
79
94
  requirements:
80
- - - "~>"
95
+ - - ">="
96
+ - !ruby/object:Gem::Version
97
+ version: '5.4'
98
+ - - "<"
81
99
  - !ruby/object:Gem::Version
82
- version: 5.4.0
100
+ version: '5.6'
83
101
  - !ruby/object:Gem::Dependency
84
102
  name: bundler
85
103
  requirement: !ruby/object:Gem::Requirement
@@ -114,42 +132,42 @@ dependencies:
114
132
  requirements:
115
133
  - - "~>"
116
134
  - !ruby/object:Gem::Version
117
- version: '10.0'
135
+ version: '12.3'
118
136
  type: :development
119
137
  prerelease: false
120
138
  version_requirements: !ruby/object:Gem::Requirement
121
139
  requirements:
122
140
  - - "~>"
123
141
  - !ruby/object:Gem::Version
124
- version: '10.0'
142
+ version: '12.3'
125
143
  - !ruby/object:Gem::Dependency
126
144
  name: rspec
127
145
  requirement: !ruby/object:Gem::Requirement
128
146
  requirements:
129
147
  - - "~>"
130
148
  - !ruby/object:Gem::Version
131
- version: 3.6.0
149
+ version: 3.8.0
132
150
  type: :development
133
151
  prerelease: false
134
152
  version_requirements: !ruby/object:Gem::Requirement
135
153
  requirements:
136
154
  - - "~>"
137
155
  - !ruby/object:Gem::Version
138
- version: 3.6.0
156
+ version: 3.8.0
139
157
  - !ruby/object:Gem::Dependency
140
158
  name: rspec-its
141
159
  requirement: !ruby/object:Gem::Requirement
142
160
  requirements:
143
161
  - - "~>"
144
162
  - !ruby/object:Gem::Version
145
- version: 1.2.0
163
+ version: 1.3.0
146
164
  type: :development
147
165
  prerelease: false
148
166
  version_requirements: !ruby/object:Gem::Requirement
149
167
  requirements:
150
168
  - - "~>"
151
169
  - !ruby/object:Gem::Version
152
- version: 1.2.0
170
+ version: 1.3.0
153
171
  - !ruby/object:Gem::Dependency
154
172
  name: climate_control
155
173
  requirement: !ruby/object:Gem::Requirement