govuk_app_config 1.19.0 → 1.20.0

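--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6d37e912e97b61b2e44e7426227dec0d41ba54f038d0c699bc211fdaf16a0d78
- data.tar.gz: ee89d83862262cedf567af94127caee6742418442a510a801e319a97af68d8e7
+ metadata.gz: 835a2266696c7d95ca1e986e01361d08c7ada615f9ca5de5380c8b1a0f75778c
+ data.tar.gz: ff9421aa81df71f3ed5c71676e247816ce72362cf7e78931dfe02b385b709f11
  SHA512:
- metadata.gz: f33fd6b8fa2860522faaf3bc0b98464060bf38f66844c81ba93e71d98cc0f10e7dd15f6dd70384ee49b8b644ca82816b7a53fd4f5310807f7582bc073d15a28d
- data.tar.gz: f9a936b6ef4d608aa7de868b4eeb933c5f98301f8f7fa9d0397dcbc454bde939a1e4f0b624e5739461b042f3adac0bba1526d291f96bd806c6b9996d0c7084a5
+ metadata.gz: 27c781bd285e5a39d4cd4fdff347589e39e646bbb36881f3f147bfc4461250d5c3c2c2b5e79daead39f42af25d7de0812e6d389142456b6ff3159eb16749f6a9
+ data.tar.gz: 5408fc6e77e8725d74c0e181061c82fedb90f84fa35616e5ce0bc6deca50a82248081041111db6523d28597d220c8e0e14e377b0832e0ad058ba5b0f842a4710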
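--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,10 @@
+ # 1.20.0
+
+ * Fix CSP in development
+ * Add `youtube-nocookie.com` to consent security policy
+ * Update dependencies
+ * Update error reporting code
+
  # 1.19.0
 
  * Use `GOVUK_CSP_REPORT_ONLY` and `GOVUK_CSP_REPORT_URI` to configure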
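--- a/data/README.md
+++ b/data/README.md
@@ -119,8 +119,8 @@ logs to `STDOUT` and unstructed logs to `STDERR`.
  ## Content Security Policy generation
 
  For frontend apps, configuration can be added to generate and serve a
- content security policy header. The policy is report only when the Rails
- environment is set to "production", and enforced otherwise.
+ content security policy header. The policy is report only when the
+ environment variable `GOVUK_CSP_REPORT_ONLY` is set, and enforced otherwise.
 
  To enable this feature, create a file at `config/initializers/csp.rb` in the
  app with the following content: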
@@ -23,15 +23,15 @@ Gem::Specification.new do |spec|
23
23
 
24
24
  spec.add_dependency "aws-xray-sdk", "~> 0.10.0"
25
25
  spec.add_dependency "statsd-ruby", "~> 1.4.0"
26
- spec.add_dependency "logstasher", "~> 1.2.2"
27
- spec.add_dependency "sentry-raven", "~> 2.7.1"
28
- spec.add_dependency "unicorn", "~> 5.4.0"
26
+ spec.add_dependency "logstasher", ">= 1.2.2", "< 1.4.0"
27
+ spec.add_dependency "sentry-raven", ">= 2.7.1", "< 2.10.0"
28
+ spec.add_dependency "unicorn", ">= 5.4", "< 5.6"
29
29
 
30
30
  spec.add_development_dependency "bundler", "~> 1.15"
31
31
  spec.add_development_dependency "rails", "~> 5"
32
- spec.add_development_dependency "rake", "~> 10.0"
33
- spec.add_development_dependency "rspec", "~> 3.6.0"
34
- spec.add_development_dependency "rspec-its", "~> 1.2.0"
32
+ spec.add_development_dependency "rake", "~> 12.3"
33
+ spec.add_development_dependency "rspec", "~> 3.8.0"
34
+ spec.add_development_dependency "rspec-its", "~> 1.3.0"
35
35
  spec.add_development_dependency "climate_control"
36
36
  spec.add_development_dependency "webmock"
37
37
  spec.add_development_dependency "pry"
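Review bot: The `sentry-raven` floor stays at `>= 2.7.1` although this release starts setting `config.before_send` and `config.inspect_exception_causes_for_exclusion` in the error configuration, so an app that resolves the oldest allowed version may fail on an unknown option unless GovukError's own configuration wrapper supplies those setters (not visible here). Confirm in the sentry-raven changelog which release introduced both options and raise the lower bound to it, keeping the `< 2.10.0` cap. Moving `logstasher` and `unicorn` from `~>` to open ranges also widens what consuming apps can resolve, so a comment above the three lines such as `# Ranges instead of ~> so apps can take minor updates; each floor is the oldest release providing the APIs this gem calls` would record the intent. The `Gem::Specification` block starts and ends outside the hunk.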
@@ -1,23 +1,7 @@
1
- if defined?(Airbrake)
2
- raise "This gem isn't compatible with Airbrake. Please remove it from the Gemfile."
3
- end
4
-
5
1
  GovukError.configure do |config|
6
- # We're misusing the `should_capture` block here to hook into raven until
7
- # there's a better way: https://github.com/getsentry/raven-ruby/pull/750
8
- config.should_capture = Proc.new { |e|
2
+ config.before_send = Proc.new { |e|
9
3
  GovukStatsd.increment("errors_occurred")
10
-
11
- # For backwards compatibility
12
- GovukStatsd.increment("errbit.errors_occurred")
13
-
14
- exception_class = e.respond_to?(:original_exception) ? e.original_exception.class : e.class
15
- if exception_class.ancestors.any? { |c| c.name =~ /^GdsApi::(HTTPIntermittent|TimedOutException)/ }
16
- GovukStatsd.increment("gds_api_adapters.errors.#{e.class.name.demodulize.underscore}")
17
- false
18
- else
19
- true
20
- end
4
+ GovukStatsd.increment("error_types.#{e.class.name.demodulize.underscore}")
21
5
  }
22
6
 
23
7
  config.silence_ready = !Rails.env.production? if defined?(Rails)
@@ -34,10 +18,17 @@ GovukError.configure do |config|
34
18
  'ActiveJob::DeserializationError',
35
19
  'ActiveRecord::RecordNotFound',
36
20
  'CGI::Session::CookieStore::TamperedWithCookie',
21
+ 'GdsApi::HTTPIntermittent',
22
+ 'GdsApi::TimedOutException',
37
23
  'Mongoid::Errors::DocumentNotFound',
38
24
  'Sinatra::NotFound',
39
25
  ]
40
26
 
27
+ # This will exclude exceptions that are triggered by one of the ignored
28
+ # exceptions. For example, when any exception occurs in a template,
29
+ # Rails will raise a ActionView::Template::Error, instead of the original error.
30
+ config.inspect_exception_causes_for_exclusion = true
31
+
41
32
  config.transport_failure_callback = Proc.new {
42
33
  GovukStatsd.increment("error_reports_failed")
43
34
  }
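Review bot: In the first hunk the new `before_send` proc ends with a `GovukStatsd.increment` call, so its value is whatever that call returns rather than the event; sentry-raven calls this hook with `(event, hint)` and goes on to send what the proc returns, discarding the report when that is nil, unless GovukError wraps the proc (not visible here). As written `e` would be the Raven event, so the new counter becomes `error_types.event` for every error and reports may be dropped or malformed, which a spec asserting that a captured error still reaches the transport would catch. A shape that keeps both counters and the report is `Proc.new { |event, hint|`, then `GovukStatsd.increment("error_types.#{hint[:exception].class.name.demodulize.underscore}") if hint && hint[:exception]`, then `event` as the last expression. Separately, `inspect_exception_causes_for_exclusion = true` in the second hunk means anything wrapping a listed class, `CGI::Session::CookieStore::TamperedWithCookie` included, is now silenced with no counter at all (the old `gds_api_adapters.errors.*` metric is gone), and the comment there should say so. The `GovukError.configure` block continues outside both hunks.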
@@ -10,7 +10,8 @@ module GovukContentSecurityPolicy
10
10
 
11
11
  GOVUK_DOMAINS = [
12
12
  '*.publishing.service.gov.uk',
13
- "*.#{ENV['GOVUK_APP_DOMAIN_EXTERNAL'] || ENV['GOVUK_APP_DOMAIN'] || 'dev.gov.uk'}"
13
+ "*.#{ENV['GOVUK_APP_DOMAIN_EXTERNAL'] || ENV['GOVUK_APP_DOMAIN'] || 'dev.gov.uk'}",
14
+ "*.dev.gov.uk"
14
15
  ].uniq.freeze
15
16
 
16
17
  GOOGLE_ANALYTICS_DOMAINS = %w(www.google-analytics.com
@@ -38,6 +39,7 @@ module GovukContentSecurityPolicy
38
39
  # Allow YouTube Embeds (Govspeak turns YouTube links into embeds)
39
40
  "*.ytimg.com",
40
41
  "www.youtube.com",
42
+ "www.youtube-nocookie.com",
41
43
  # Allow all inline scripts until we can conclusively
42
44
  # document all the inline scripts we use,
43
45
  # and there's a better way to filter out junk reports
@@ -69,7 +71,7 @@ module GovukContentSecurityPolicy
69
71
  policy.object_src :none
70
72
 
71
73
  # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
72
- policy.frame_src :self, *GOVUK_DOMAINS, "www.youtube.com" # Allow youtube embeds
74
+ policy.frame_src :self, *GOVUK_DOMAINS, "www.youtube.com", "www.youtube-nocookie.com" # Allow youtube embeds
73
75
 
74
76
  policy.report_uri ENV["GOVUK_CSP_REPORT_URI"] if ENV.include?("GOVUK_CSP_REPORT_URI")
75
77
  end
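Review bot: In the `GOVUK_DOMAINS` hunk `"*.dev.gov.uk"` is appended unconditionally, so every directive that splats `GOVUK_DOMAINS` (the `frame_src` line in the last hunk is one) trusts that wildcard in production too, not only in development as the changelog entry implies. If `dev.gov.uk` names are meant only for developer machines, gate the entry on the environment, for example `("*.dev.gov.uk" if defined?(Rails) && Rails.env.development?)` inside the array followed by `.compact.uniq.freeze`, or add a comment explaining why production needs it. The `www.youtube-nocookie.com` entry in the second hunk goes into a source list whose directive is outside the hunk; embeds should need only `frame_src`, so check that this is not widening a script source without need. The module body continues outside all three hunks.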
@@ -1,3 +1,3 @@
1
1
  module GovukAppConfig
2
- VERSION = "1.19.0"
2
+ VERSION = "1.20.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: govuk_app_config
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.19.0
4
+ version: 1.20.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - GOV.UK Dev
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-06-12 00:00:00.000000000 Z
11
+ date: 2019-07-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-xray-sdk
@@ -42,44 +42,62 @@ dependencies:
42
42
  name: logstasher
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - "~>"
45
+ - - ">="
46
46
  - !ruby/object:Gem::Version
47
47
  version: 1.2.2
48
+ - - "<"
49
+ - !ruby/object:Gem::Version
50
+ version: 1.4.0
48
51
  type: :runtime
49
52
  prerelease: false
50
53
  version_requirements: !ruby/object:Gem::Requirement
51
54
  requirements:
52
- - - "~>"
55
+ - - ">="
53
56
  - !ruby/object:Gem::Version
54
57
  version: 1.2.2
58
+ - - "<"
59
+ - !ruby/object:Gem::Version
60
+ version: 1.4.0
55
61
  - !ruby/object:Gem::Dependency
56
62
  name: sentry-raven
57
63
  requirement: !ruby/object:Gem::Requirement
58
64
  requirements:
59
- - - "~>"
65
+ - - ">="
60
66
  - !ruby/object:Gem::Version
61
67
  version: 2.7.1
68
+ - - "<"
69
+ - !ruby/object:Gem::Version
70
+ version: 2.10.0
62
71
  type: :runtime
63
72
  prerelease: false
64
73
  version_requirements: !ruby/object:Gem::Requirement
65
74
  requirements:
66
- - - "~>"
75
+ - - ">="
67
76
  - !ruby/object:Gem::Version
68
77
  version: 2.7.1
78
+ - - "<"
79
+ - !ruby/object:Gem::Version
80
+ version: 2.10.0
69
81
  - !ruby/object:Gem::Dependency
70
82
  name: unicorn
71
83
  requirement: !ruby/object:Gem::Requirement
72
84
  requirements:
73
- - - "~>"
85
+ - - ">="
86
+ - !ruby/object:Gem::Version
87
+ version: '5.4'
88
+ - - "<"
74
89
  - !ruby/object:Gem::Version
75
- version: 5.4.0
90
+ version: '5.6'
76
91
  type: :runtime
77
92
  prerelease: false
78
93
  version_requirements: !ruby/object:Gem::Requirement
79
94
  requirements:
80
- - - "~>"
95
+ - - ">="
96
+ - !ruby/object:Gem::Version
97
+ version: '5.4'
98
+ - - "<"
81
99
  - !ruby/object:Gem::Version
82
- version: 5.4.0
100
+ version: '5.6'
83
101
  - !ruby/object:Gem::Dependency
84
102
  name: bundler
85
103
  requirement: !ruby/object:Gem::Requirement
@@ -114,42 +132,42 @@ dependencies:
114
132
  requirements:
115
133
  - - "~>"
116
134
  - !ruby/object:Gem::Version
117
- version: '10.0'
135
+ version: '12.3'
118
136
  type: :development
119
137
  prerelease: false
120
138
  version_requirements: !ruby/object:Gem::Requirement
121
139
  requirements:
122
140
  - - "~>"
123
141
  - !ruby/object:Gem::Version
124
- version: '10.0'
142
+ version: '12.3'
125
143
  - !ruby/object:Gem::Dependency
126
144
  name: rspec
127
145
  requirement: !ruby/object:Gem::Requirement
128
146
  requirements:
129
147
  - - "~>"
130
148
  - !ruby/object:Gem::Version
131
- version: 3.6.0
149
+ version: 3.8.0
132
150
  type: :development
133
151
  prerelease: false
134
152
  version_requirements: !ruby/object:Gem::Requirement
135
153
  requirements:
136
154
  - - "~>"
137
155
  - !ruby/object:Gem::Version
138
- version: 3.6.0
156
+ version: 3.8.0
139
157
  - !ruby/object:Gem::Dependency
140
158
  name: rspec-its
141
159
  requirement: !ruby/object:Gem::Requirement
142
160
  requirements:
143
161
  - - "~>"
144
162
  - !ruby/object:Gem::Version
145
- version: 1.2.0
163
+ version: 1.3.0
146
164
  type: :development
147
165
  prerelease: false
148
166
  version_requirements: !ruby/object:Gem::Requirement
149
167
  requirements:
150
168
  - - "~>"
151
169
  - !ruby/object:Gem::Version
152
- version: 1.2.0
170
+ version: 1.3.0
153
171
  - !ruby/object:Gem::Dependency
154
172
  name: climate_control
155
173
  requirement: !ruby/object:Gem::Requirement