panda_pal 4.0.7 → 4.0.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/panda_pal/engine.rb +3 -3
- data/lib/panda_pal/helpers/controller_helper.rb +6 -1
- data/lib/panda_pal/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2c8be1c60f64e5a088e47e7fba1bb685e1fd943004e10120b3a833770e3b170e
|
|
4
|
+
data.tar.gz: 9aff936fd9000ac253fc5a950b79b60c1eb707638377fc9084fc4912553bf256
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d44beafb64fe37bcd37119206c6f70d68ae1eb3f7252c4368489139ec4106a1fb406742527b5859fd3369b992492416d017cfdcbd28f6b954a6163a478343d00
|
|
7
|
+
data.tar.gz: 5bfd610e35ff4c9db5265db09943467ef3ae7b9bd9ea3565befe5e7701ef01cd139adae61347ee9f9e107373432541c3be2b201b672cff186fc6b0091b792230
|
data/lib/panda_pal/engine.rb
CHANGED
|
@@ -59,7 +59,7 @@ module PandaPal
|
|
|
59
59
|
|
|
60
60
|
SecureHeaders::Configuration.default do |config|
|
|
61
61
|
# The default cookie headers aren't compatable with PandaPal cookies currenntly
|
|
62
|
-
config.cookies =
|
|
62
|
+
config.cookies = { samesite: { none: true } }
|
|
63
63
|
|
|
64
64
|
# Need to allow LTI iframes
|
|
65
65
|
config.x_frame_options = "ALLOWALL"
|
|
@@ -78,8 +78,8 @@ module PandaPal
|
|
|
78
78
|
}
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
-
SecureHeaders::Configuration.override(:
|
|
82
|
-
config.cookies =
|
|
81
|
+
SecureHeaders::Configuration.override(:safari_override) do |config|
|
|
82
|
+
config.cookies = SecureHeaders::OPT_OUT
|
|
83
83
|
end
|
|
84
84
|
end
|
|
85
85
|
end
|
|
@@ -26,7 +26,7 @@ module PandaPal::Helpers::ControllerHelper
|
|
|
26
26
|
|
|
27
27
|
def validate_launch!
|
|
28
28
|
authorized = false
|
|
29
|
-
|
|
29
|
+
safari_override
|
|
30
30
|
if @organization = params['oauth_consumer_key'] && PandaPal::Organization.find_by_key(params['oauth_consumer_key'])
|
|
31
31
|
sanitized_params = request.request_parameters
|
|
32
32
|
# These params come over with a safari-workaround launch. The authenticator doesn't like them, so clean them out.
|
|
@@ -88,6 +88,7 @@ module PandaPal::Helpers::ControllerHelper
|
|
|
88
88
|
else
|
|
89
89
|
render plain: 'You should do an LTI Tool Launch.', status: :unauthorized unless valid_session?
|
|
90
90
|
end
|
|
91
|
+
safari_override
|
|
91
92
|
end
|
|
92
93
|
|
|
93
94
|
def valid_session?
|
|
@@ -99,6 +100,10 @@ module PandaPal::Helpers::ControllerHelper
|
|
|
99
100
|
].all?
|
|
100
101
|
end
|
|
101
102
|
|
|
103
|
+
def safari_override
|
|
104
|
+
use_secure_headers_override(:safari_override) if browser.safari?
|
|
105
|
+
end
|
|
106
|
+
|
|
102
107
|
private
|
|
103
108
|
def organization_key
|
|
104
109
|
params[:oauth_consumer_key] || session[:organization_key]
|
data/lib/panda_pal/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: panda_pal
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.0.
|
|
4
|
+
version: 4.0.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Instructure ProServe
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-01-
|
|
11
|
+
date: 2020-01-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|