phraseapp-in-context-editor-ruby 3.1.1 → 3.2.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/README.md +17 -2
- data/examples/demo/app/views/layouts/application.html.erb +1 -1
- data/examples/demo/config/initializers/content_security_policy.rb +19 -19
- data/lib/phraseapp-in-context-editor-ruby/version.rb +1 -1
- data/lib/phraseapp-in-context-editor-ruby/view_helpers.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 17c6c5e0a0f37c12c316ad48fbbd6f8778c4e1b019c42d30aa4ead61fc878d34
|
4
|
+
data.tar.gz: b1efe28346b9ac381949d14f5106ae160dc4a31f02c8555c86f597a2f7d2db12
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 62f3914be6e79486b27fae858447f4d8f137a529c2df9305a3cdbd87703ab43fbea431ea31bddf993a5e240975ab373663a385d6727972f90bbd6665d698e84c
|
7
|
+
data.tar.gz: 3da9433f686cd2d4a6d5df36501ecb65501ec15be85d9980dcc13bca98ba5be813e48f7f304c82929086d451d22a88472544903ff6435e830a1586288092ee56
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,10 @@
|
|
1
|
+
# [3.2.0](https://github.com/phrase/phraseapp-in-context-editor-ruby/compare/v3.1.1...v3.2.0) (2024-07-11)
|
2
|
+
|
3
|
+
|
4
|
+
### Features
|
5
|
+
|
6
|
+
* Added nonce support ([#86](https://github.com/phrase/phraseapp-in-context-editor-ruby/issues/86)) ([e7df6f7](https://github.com/phrase/phraseapp-in-context-editor-ruby/commit/e7df6f7b279c3823dd8a99f0b5d6e2d025863ca7))
|
7
|
+
|
1
8
|
## [3.1.1](https://github.com/phrase/phraseapp-in-context-editor-ruby/compare/v3.1.0...v3.1.1) (2024-06-14)
|
2
9
|
|
3
10
|
|
data/README.md
CHANGED
@@ -10,8 +10,8 @@
|
|
10
10
|
|
11
11
|
To use phraseapp-in-context-editor-ruby with your application you have to:
|
12
12
|
|
13
|
-
|
14
|
-
|
13
|
+
- Sign up for a Phrase account: [https://app.phrase.com/signup](https://app.phrase.com/signup)
|
14
|
+
- Use the excellent [i18n](https://github.com/ruby-i18n/i18n) gem also used by [Rails](https://guides.rubyonrails.org/i18n.html)
|
15
15
|
|
16
16
|
### Demo
|
17
17
|
|
@@ -21,11 +21,13 @@ Login via the demo credentials `demo@phrase.com` / `phrase`
|
|
21
21
|
### Installation
|
22
22
|
|
23
23
|
#### NOTE: You can not use the old version of the ICE with integration versions of >2.0.0, you have to instead use 1.x.x versions as before
|
24
|
+
|
24
25
|
#### via Gem
|
25
26
|
|
26
27
|
```bash
|
27
28
|
gem install phraseapp-in-context-editor-ruby
|
28
29
|
```
|
30
|
+
|
29
31
|
#### via Bundler
|
30
32
|
|
31
33
|
Add it to your `Gemfile`
|
@@ -84,6 +86,7 @@ Old version of the ICE is not available since version 2.0.0. If you still would
|
|
84
86
|
#### Using the US Datacenter with ICE
|
85
87
|
|
86
88
|
In addition to the settings in your `config/initializers/phraseapp_in_context_editor.rb`, set the US datacenter to enable the ICE to work with the US endpoints.
|
89
|
+
|
87
90
|
```ruby
|
88
91
|
config.enabled = true
|
89
92
|
config.project_id = "YOUR_PROJECT_ID"
|
@@ -91,6 +94,18 @@ In addition to the settings in your `config/initializers/phraseapp_in_context_ed
|
|
91
94
|
config.datacenter = "us"
|
92
95
|
```
|
93
96
|
|
97
|
+
#### Using with CSP
|
98
|
+
|
99
|
+
The script will automatically get the nonce from `content_security_policy_nonce`
|
100
|
+
The content_security_policy.rb has to have `:strict_dynamic` for `policy.script_src` since we are loading more scripts dynamically because of our way of deploying
|
101
|
+
|
102
|
+
```ruby
|
103
|
+
policy.script_src :self, :https, :strict_dynamic
|
104
|
+
policy.style_src :self, :https
|
105
|
+
```
|
106
|
+
|
107
|
+
The `config.content_security_policy_nonce_directives = %w[script-src style-src]` can include `style-src` but this _might_ break some styling in some cases
|
108
|
+
|
94
109
|
### Browser support
|
95
110
|
|
96
111
|
This library might not work out of the box for some older browser or IE11. We recommend to add [Babel](https://github.com/babel/babel) to the build pipeline if those browser need to be supported.
|
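Review bot: In the new "Using with CSP" section, the example shows only `policy.script_src` and `policy.style_src`, yet the sentence above it relies on `content_security_policy_nonce` returning a value, and nothing tells the reader to set `config.content_security_policy_nonce_generator`. The demo initializer in this release sets it, so the README should show that line as well, or state that a nonce generator must be configured. The closing sentence on `style-src` would also be more useful if it named the cases that break rather than saying it "_might_ break some styling in some cases".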
@@ -6,7 +6,7 @@
|
|
6
6
|
<%= csrf_meta_tags %>
|
7
7
|
<%= csp_meta_tag %>
|
8
8
|
|
9
|
-
<%= stylesheet_link_tag "application", "data-turbo-track": "reload" %>
|
9
|
+
<%= stylesheet_link_tag "application", "data-turbo-track": "reload", nonce: true %>
|
10
10
|
<%= javascript_importmap_tags %>
|
11
11
|
<%= load_in_context_editor %>
|
12
12
|
</head>
|
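Review bot: On the changed `stylesheet_link_tag` line, `nonce: true` is added to a stylesheet that the demo policy's `policy.style_src :self, :https` already appears to allow by source, so the diff does not show what the nonce is needed for. If it is there only because `style-src` was added to `content_security_policy_nonce_directives`, a short comment in the layout or the README saying so would help. It is also worth confirming that the Rails version the demo runs on treats `nonce: true` on this helper as "insert the request nonce" rather than emitting it as a literal attribute value.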
@@ -4,22 +4,22 @@
|
|
4
4
|
# See the Securing Rails Applications Guide for more information:
|
5
5
|
# https://guides.rubyonrails.org/security.html#content-security-policy-header
|
6
6
|
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
#
|
16
|
-
#
|
17
|
-
|
18
|
-
|
19
|
-
#
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
#
|
24
|
-
#
|
25
|
-
|
7
|
+
Rails.application.configure do
|
8
|
+
config.content_security_policy do |policy|
|
9
|
+
policy.default_src :self, :https
|
10
|
+
policy.font_src :self, :https, :data
|
11
|
+
policy.img_src :self, :https, :data
|
12
|
+
policy.object_src :none
|
13
|
+
policy.script_src :self, :https, :strict_dynamic
|
14
|
+
policy.style_src :self, :https
|
15
|
+
# Specify URI for violation reports
|
16
|
+
# policy.report_uri "/csp-violation-report-endpoint"
|
17
|
+
end
|
18
|
+
|
19
|
+
# Generate session nonces for permitted importmap and inline scripts
|
20
|
+
config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
|
21
|
+
config.content_security_policy_nonce_directives = %w[script-src style-src]
|
22
|
+
|
23
|
+
# Report violations without enforcing the policy.
|
24
|
+
# config.content_security_policy_report_only = true
|
25
|
+
end
|
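Review bot: The nonce generator `->(request) { request.session.id.to_s }` returns the same value for every response in a session and writes the session identifier into the CSP header and the page markup. A nonce is meant to be unguessable and fresh per response, so for a demo that people will copy I would suggest a random value such as `SecureRandom.base64(16)`. Separately, `policy.script_src :self, :https, :strict_dynamic` keeps `:https`: browsers that honor `strict-dynamic` ignore the `:self` and `:https` sources, while browsers that do not will accept a script from any HTTPS origin, so a comment stating that this is a deliberate fallback would help.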
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: phraseapp-in-context-editor-ruby
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Phrase
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-07-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: json
|