query_diet 0.6.1 → 0.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 63b41117d8dd5d5e67272b8d4fcabc22b4068bac
-  data.tar.gz: '08680b0daeeb2198831f722750cc6d494ff59e82'
+SHA256:
+  metadata.gz: d4cbd625d753ea248e00e78049554a3a385dbb1ef3c45d70d77e0b957034538a
+  data.tar.gz: 4e636ba8f1a2d39648ec6072d7be893d0e105854f003d26dfd618f4745e1aa2a
 SHA512:
-  metadata.gz: f34ca786690572f2b092b4150792be7e8734a74245fb63754b4fbfb8ad1c7caa0f250bb52ec1176b9aa2f57db777ec03413ac1f01be6e90580a844a53bfb8dac
-  data.tar.gz: b94095083324e7b117315ffb69e6b76b334714daa7e654f14f69425f491dd08fb8d77856126f3781c41522437d0566125f1c4dc39d07170453a8f38c2d0bdf2e
+  metadata.gz: d1e410f4870b44b6dfb708292f4e3c01a673572e752f4084e421e4bab74075a207db37e109cdfaf080b9be922c1a760b68c240ebf96a29b8fd29a08681e6d862
+  data.tar.gz: 5607974067f7ac67cb619f8f8a89596f8ea39fa52a8adfa9eb6371a26e00e847faeb37319478c64b54ee928539672148074c21251fa6ab09d5bb2147b09fc4eb

data/README.md

@@ -1,4 +1,4 @@
-Query Diet [![Build Status](https://travis-ci.org/makandra/query_diet.svg?branch=master)](https://travis-ci.org/makandra/query_diet)
+Query Diet [![Tests](https://github.com/makandra/query_diet/workflows/Tests/badge.svg)](https://github.com/makandra/query_diet/actions)
 ==========
 
 Query Diet counts the number of database queries for the last request and *subtly* displays it in the upper right corner of your screen.
@@ -45,10 +45,29 @@ To change the default, simply pass them to the `query_diet_widget` helper:
 <%= query_diet_widget(:bad_count => 4, :bad_time => 2000) %>
 ```
 
+### Content Security Policy
+
+You can pass whether to use a nonce for style and script tags.
+Note that the key must be a symbol like in the example below, otherwise it defaults to `false`.
+
+```Erb
+<%= query_diet_widget(:nonce => true) if Rails.env.development? %>
+```
+
+In your content security policy initializer of the project you should set the nonce to those directives:
+```Erb
+Rails.application.config.content_security_policy_nonce_directives = %w[script-src style-src]
+```
+
+When you do not want to use a nonce, but use a style tag, for example, you could use `unsafe_inline`:
+```Erb
+Rails.application.config.content_security_policy do |policy|
+  policy.style_src   :self, :unsafe_inline
+```
 
 ### Rails compatibility
 
-The gem is tested to work with Rails 3.2+ and Ruby 2.0+.
+The gem is tested to work with Rails 3.2+ and Ruby 2.5.8+.
 
 For Rails 2.3 and Ruby 1.8.7 support, use a version < 0.6.
 

data/lib/query_diet/active_record_ext.rb

@@ -1,7 +1,13 @@
 module QueryDiet
   module ActiveRecordExt
-    def log(query, *)
-      QueryDiet::Logger.log(query) { super }
+    if RUBY_VERSION >= '3'
+      def log(query, *, **)
+        QueryDiet::Logger.log(query) { super }
+      end
+    else
+      def log(query, *)
+        QueryDiet::Logger.log(query) { super }
+      end
     end
   end
 end

data/lib/query_diet/version.rb

@@ -1,3 +1,3 @@
 module QueryDiet
-  VERSION = '0.6.1'
+  VERSION = '0.7.1'
 end

data/lib/query_diet/widget.rb

@@ -2,16 +2,16 @@ module QueryDiet
   module Widget
     class << self
 
-      def css
+      def css(nonce_attribute)
         <<-EOF
-        <style type="text/css"><!--
+        <style type="text/css"#{nonce_attribute}><!--
           div#query_diet {
             position: absolute;
             top: 0;
             right: 0;
             background-color: black;
             color: white;
-            z-index: 999;
+            z-index: 99999;
             padding: 4px 6px;
             font: normal bold 12px/12px Arial, sans-serif;
             cursor: pointer;
@@ -31,9 +31,19 @@ module QueryDiet
         EOF
       end
 
+      def js(nonce_attribute)
+        <<-EOF
+        <script type="text/javascript"#{nonce_attribute}>
+          document.getElementById("query_diet").addEventListener("click", function() {
+            this.parentNode.removeChild(this);
+          });
+        </script>
+        EOF
+      end
+
       def html(options)
         <<-EOF
-        <div id="query_diet" class="#{QueryDiet::Logger.bad?(options) ? 'bad' : 'good' }" onclick="this.parentNode.removeChild(this);">
+        <div id="query_diet" class="#{QueryDiet::Logger.bad?(options) ? 'bad' : 'good' }">
           #{QueryDiet::Logger.count} / #{QueryDiet::Logger.time}ms
         </div>
         EOF
@@ -43,7 +53,12 @@ module QueryDiet
 
     module Helper
       def query_diet_widget(options = {})
-        html = Widget.css + Widget.html(options)
+        default_html_options = {:nonce => false}
+        options = options.reverse_merge(default_html_options)
+
+        nonce_attribute = options.fetch(:nonce) ? " nonce=\"#{content_security_policy_nonce}\"" : ''
+
+        html = Widget.css(nonce_attribute) + Widget.html(options) + Widget.js(nonce_attribute)
         html.respond_to?(:html_safe) ? html.html_safe : html
       end
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: query_diet
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.7.1
 platform: ruby
 authors:
 - Henning Koch
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-02-07 00:00:00.000000000 Z
+date: 2022-02-25 00:00:00.000000000 Z
 dependencies: []
 description: Rails database query counter that stays out of your way
 email: github@makandra.de
@@ -28,7 +28,8 @@ files:
 homepage: https://github.com/makandra/query_diet
 licenses:
 - MIT
-metadata: {}
+metadata:
+  rubygems_mfa_required: 'true'
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -44,8 +45,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 3.2.3
 signing_key: 
 specification_version: 4
 summary: Rails database query counter that stays out of your way