rollbar 3.0.1 → 3.2.0
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +118 -0
- data/.rubocop.yml +1 -1
- data/Gemfile +14 -7
- data/README.md +1 -1
- data/data/rollbar.snippet.js +1 -1
- data/gemfiles/rails30.gemfile +8 -11
- data/gemfiles/rails31.gemfile +10 -12
- data/gemfiles/rails32.gemfile +8 -11
- data/gemfiles/rails40.gemfile +7 -11
- data/gemfiles/rails41.gemfile +7 -11
- data/gemfiles/rails42.gemfile +5 -11
- data/gemfiles/rails50.gemfile +7 -12
- data/gemfiles/rails51.gemfile +7 -12
- data/gemfiles/rails52.gemfile +3 -10
- data/gemfiles/rails60.gemfile +5 -17
- data/gemfiles/rails61.gemfile +54 -0
- data/lib/rollbar/capistrano_tasks.rb +22 -4
- data/lib/rollbar/configuration.rb +4 -0
- data/lib/rollbar/item.rb +17 -4
- data/lib/rollbar/item/locals.rb +0 -1
- data/lib/rollbar/lazy_store.rb +2 -4
- data/lib/rollbar/middleware/js.rb +28 -18
- data/lib/rollbar/notifier.rb +5 -1
- data/lib/rollbar/plugins/sidekiq.rb +1 -1
- data/lib/rollbar/plugins/sidekiq/plugin.rb +36 -19
- data/lib/rollbar/plugins/thread.rb +8 -7
- data/lib/rollbar/scrubbers/url.rb +15 -1
- data/lib/rollbar/version.rb +1 -1
- metadata +5 -5
- data/.travis.yml +0 -268
data/gemfiles/rails50.gemfile
CHANGED
@@ -2,18 +2,12 @@ require 'rubygems/version'
|
|
2
2
|
|
3
3
|
source 'https://rubygems.org'
|
4
4
|
|
5
|
-
# Used by spec/commands/rollbar_rails_runner_spec, and can be used whenever a
|
6
|
-
# new process is created during tests. (Testing rake tasks, for example.)
|
7
|
-
# This is a workaround for ENV['BUNDLE_GEMFILE'] not working as expected on Travis.
|
8
|
-
# We use the ||= assignment because Travis loads the gemfile twice, the second time
|
9
|
-
# with the wrong gemfile path.
|
10
|
-
ENV['CURRENT_GEMFILE'] ||= __FILE__
|
11
|
-
|
12
5
|
is_jruby = defined?(JRUBY_VERSION) || (defined?(RUBY_ENGINE) && 'jruby' == RUBY_ENGINE)
|
13
6
|
|
14
|
-
gem 'appraisal'
|
15
7
|
gem 'activerecord-jdbcsqlite3-adapter', :platform => :jruby
|
16
8
|
gem 'jruby-openssl', :platform => :jruby
|
9
|
+
gem 'net-ssh', '<= 3.1.1'
|
10
|
+
gem 'public_suffix', '<= 3.1.1'
|
17
11
|
gem 'rails', '~> 5.0.7'
|
18
12
|
gem 'sqlite3', '< 1.4.0', :platform => [:ruby, :mswin, :mingw]
|
19
13
|
|
@@ -31,13 +25,13 @@ platforms :rbx do
|
|
31
25
|
gem 'minitest'
|
32
26
|
gem 'racc'
|
33
27
|
gem 'rubinius-developer_tools'
|
34
|
-
gem 'rubysl', '~> 2.0'
|
28
|
+
gem 'rubysl', '~> 2.0' if RUBY_VERSION.start_with?('2') # rubysl doesn't yet support Ruby 3.x
|
35
29
|
end
|
36
30
|
|
37
31
|
gem 'capistrano', :require => false
|
38
32
|
gem 'sucker_punch', '~> 2.0'
|
39
33
|
gem 'codacy-coverage'
|
40
|
-
gem 'simplecov'
|
34
|
+
gem 'simplecov', '<= 0.17.1'
|
41
35
|
|
42
36
|
if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.3')
|
43
37
|
gem 'rack', '2.1.2'
|
@@ -45,12 +39,13 @@ end
|
|
45
39
|
|
46
40
|
# We need last sinatra that uses rack 2.1.x
|
47
41
|
gem 'sinatra', :git => 'https://github.com/sinatra/sinatra', :tag => 'v2.0.8'
|
48
|
-
gem 'database_cleaner'
|
42
|
+
gem 'database_cleaner', '~> 1.8.4'
|
49
43
|
gem 'delayed_job', :require => false
|
50
44
|
gem 'generator_spec'
|
51
45
|
gem 'girl_friday', '>= 0.11.1'
|
52
|
-
gem 'redis'
|
46
|
+
gem 'redis', '<= 3.3.5'
|
53
47
|
gem 'resque'
|
48
|
+
gem 'secure_headers', '~> 6.3.2', :require => false
|
54
49
|
|
55
50
|
unless is_jruby
|
56
51
|
# JRuby doesn't support fork, which is required for this test helper.
|
data/gemfiles/rails51.gemfile
CHANGED
@@ -2,18 +2,12 @@ require 'rubygems/version'
|
|
2
2
|
|
3
3
|
source 'https://rubygems.org'
|
4
4
|
|
5
|
-
# Used by spec/commands/rollbar_rails_runner_spec, and can be used whenever a
|
6
|
-
# new process is created during tests. (Testing rake tasks, for example.)
|
7
|
-
# This is a workaround for ENV['BUNDLE_GEMFILE'] not working as expected on Travis.
|
8
|
-
# We use the ||= assignment because Travis loads the gemfile twice, the second time
|
9
|
-
# with the wrong gemfile path.
|
10
|
-
ENV['CURRENT_GEMFILE'] ||= __FILE__
|
11
|
-
|
12
5
|
is_jruby = defined?(JRUBY_VERSION) || (defined?(RUBY_ENGINE) && 'jruby' == RUBY_ENGINE)
|
13
6
|
|
14
|
-
gem 'appraisal'
|
15
7
|
gem 'activerecord-jdbcsqlite3-adapter', :platform => :jruby
|
16
8
|
gem 'jruby-openssl', :platform => :jruby
|
9
|
+
gem 'net-ssh', '<= 3.1.1'
|
10
|
+
gem 'public_suffix', '<= 3.1.1'
|
17
11
|
gem 'rails', '~> 5.1.7'
|
18
12
|
gem 'sqlite3', '< 1.4.0', :platform => [:ruby, :mswin, :mingw]
|
19
13
|
|
@@ -31,13 +25,13 @@ platforms :rbx do
|
|
31
25
|
gem 'minitest'
|
32
26
|
gem 'racc'
|
33
27
|
gem 'rubinius-developer_tools'
|
34
|
-
gem 'rubysl', '~> 2.0'
|
28
|
+
gem 'rubysl', '~> 2.0' if RUBY_VERSION.start_with?('2') # rubysl doesn't yet support Ruby 3.x
|
35
29
|
end
|
36
30
|
|
37
31
|
gem 'capistrano', :require => false
|
38
32
|
gem 'sucker_punch', '~> 2.0'
|
39
33
|
gem 'codacy-coverage'
|
40
|
-
gem 'simplecov'
|
34
|
+
gem 'simplecov', '<= 0.17.1'
|
41
35
|
|
42
36
|
if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.3')
|
43
37
|
gem 'rack', '2.1.2'
|
@@ -46,12 +40,13 @@ end
|
|
46
40
|
# We need last sinatra that uses rack 2.1.x
|
47
41
|
gem 'sinatra', :git => 'https://github.com/sinatra/sinatra', :tag => 'v2.0.8'
|
48
42
|
|
49
|
-
gem 'database_cleaner'
|
43
|
+
gem 'database_cleaner', '~> 1.8.4'
|
50
44
|
gem 'delayed_job', :require => false
|
51
45
|
gem 'generator_spec'
|
52
46
|
gem 'girl_friday', '>= 0.11.1'
|
53
|
-
gem 'redis'
|
47
|
+
gem 'redis', '<= 3.3.5'
|
54
48
|
gem 'resque'
|
49
|
+
gem 'secure_headers', '~> 6.3.2', :require => false
|
55
50
|
|
56
51
|
unless is_jruby
|
57
52
|
# JRuby doesn't support fork, which is required for this test helper.
|
data/gemfiles/rails52.gemfile
CHANGED
@@ -2,16 +2,8 @@ require 'rubygems/version'
|
|
2
2
|
|
3
3
|
source 'https://rubygems.org'
|
4
4
|
|
5
|
-
# Used by spec/commands/rollbar_rails_runner_spec, and can be used whenever a
|
6
|
-
# new process is created during tests. (Testing rake tasks, for example.)
|
7
|
-
# This is a workaround for ENV['BUNDLE_GEMFILE'] not working as expected on Travis.
|
8
|
-
# We use the ||= assignment because Travis loads the gemfile twice, the second time
|
9
|
-
# with the wrong gemfile path.
|
10
|
-
ENV['CURRENT_GEMFILE'] ||= __FILE__
|
11
|
-
|
12
5
|
is_jruby = defined?(JRUBY_VERSION) || (defined?(RUBY_ENGINE) && 'jruby' == RUBY_ENGINE)
|
13
6
|
|
14
|
-
gem 'appraisal'
|
15
7
|
gem 'activerecord-jdbcsqlite3-adapter', :platform => :jruby
|
16
8
|
gem 'jruby-openssl', :platform => :jruby
|
17
9
|
gem 'rails', '~> 5.2.3'
|
@@ -31,7 +23,7 @@ platforms :rbx do
|
|
31
23
|
gem 'minitest'
|
32
24
|
gem 'racc'
|
33
25
|
gem 'rubinius-developer_tools'
|
34
|
-
gem 'rubysl', '~> 2.0'
|
26
|
+
gem 'rubysl', '~> 2.0' if RUBY_VERSION.start_with?('2') # rubysl doesn't yet support Ruby 3.x
|
35
27
|
end
|
36
28
|
|
37
29
|
gem 'sucker_punch', '~> 2.0'
|
@@ -46,7 +38,8 @@ gem 'generator_spec'
|
|
46
38
|
gem 'girl_friday', '>= 0.11.1'
|
47
39
|
gem 'redis'
|
48
40
|
gem 'resque'
|
49
|
-
gem '
|
41
|
+
gem 'secure_headers', '~> 6.3.2', :require => false
|
42
|
+
gem 'simplecov', '<= 0.17.1'
|
50
43
|
|
51
44
|
unless is_jruby
|
52
45
|
# JRuby doesn't support fork, which is required for this test helper.
|
data/gemfiles/rails60.gemfile
CHANGED
@@ -3,27 +3,14 @@ require 'rubygems/version'
|
|
3
3
|
|
4
4
|
source 'https://rubygems.org'
|
5
5
|
|
6
|
-
# Used by spec/commands/rollbar_rails_runner_spec, and can be used whenever a
|
7
|
-
# new process is created during tests. (Testing rake tasks, for example.)
|
8
|
-
# This is a workaround for ENV['BUNDLE_GEMFILE'] not working as expected on Travis.
|
9
|
-
# We use the ||= assignment because Travis loads the gemfile twice, the second time
|
10
|
-
# with the wrong gemfile path.
|
11
|
-
ENV['CURRENT_GEMFILE'] ||= __FILE__
|
12
|
-
|
13
6
|
is_jruby = defined?(JRUBY_VERSION) || (defined?(RUBY_ENGINE) && 'jruby' == RUBY_ENGINE)
|
14
7
|
|
15
|
-
gem 'appraisal'
|
16
8
|
gem 'activerecord-jdbcsqlite3-adapter', :platform => :jruby
|
17
9
|
gem 'jruby-openssl', :platform => :jruby
|
18
|
-
gem 'rails', '6.0.2
|
10
|
+
gem 'rails', '~> 6.0.2'
|
19
11
|
gem 'sqlite3', '~> 1.4', :platform => [:ruby, :mswin, :mingw]
|
20
12
|
|
21
|
-
gem 'rspec-
|
22
|
-
gem 'rspec-support', '~> 3.8.0'
|
23
|
-
gem 'rspec-expectations', '~> 3.8.0'
|
24
|
-
gem 'rspec-mocks', '~> 3.8.0'
|
25
|
-
# TODO: update this when 4.x becomes available on Rubygems
|
26
|
-
gem 'rspec-rails', :git => 'https://github.com/rspec/rspec-rails', :ref => 'v4.0.0.beta2' # rubocop:disable Bundler/DuplicatedGem
|
13
|
+
gem 'rspec-rails', '~> 4.0.2'
|
27
14
|
|
28
15
|
gem 'rake'
|
29
16
|
|
@@ -33,7 +20,7 @@ platforms :rbx do
|
|
33
20
|
gem 'minitest'
|
34
21
|
gem 'racc'
|
35
22
|
gem 'rubinius-developer_tools'
|
36
|
-
gem 'rubysl', '~> 2.0'
|
23
|
+
gem 'rubysl', '~> 2.0' if RUBY_VERSION.start_with?('2') # rubysl doesn't yet support Ruby 3.x
|
37
24
|
end
|
38
25
|
|
39
26
|
gem 'sucker_punch', '~> 2.0'
|
@@ -43,11 +30,12 @@ gem 'sinatra', :git => 'https://github.com/sinatra/sinatra'
|
|
43
30
|
|
44
31
|
gem 'database_cleaner'
|
45
32
|
gem 'codacy-coverage'
|
46
|
-
gem 'delayed_job', '4.1.
|
33
|
+
gem 'delayed_job', '4.1.9', :require => false
|
47
34
|
gem 'generator_spec'
|
48
35
|
gem 'girl_friday', '>= 0.11.1'
|
49
36
|
gem 'redis'
|
50
37
|
gem 'resque'
|
38
|
+
gem 'secure_headers', '~> 6.3.2', :require => false
|
51
39
|
gem 'simplecov'
|
52
40
|
|
53
41
|
unless is_jruby
|
@@ -0,0 +1,54 @@
|
|
1
|
+
require 'rubygems/version'
|
2
|
+
|
3
|
+
source 'https://rubygems.org'
|
4
|
+
|
5
|
+
is_jruby = defined?(JRUBY_VERSION) || (defined?(RUBY_ENGINE) && 'jruby' == RUBY_ENGINE)
|
6
|
+
|
7
|
+
gem 'activerecord-jdbcsqlite3-adapter', :platform => :jruby
|
8
|
+
gem 'jruby-openssl', :platform => :jruby
|
9
|
+
gem 'rails', '~> 6.1.3'
|
10
|
+
gem 'sqlite3', '~> 1.4', :platform => [:ruby, :mswin, :mingw]
|
11
|
+
|
12
|
+
gem 'rspec-rails', '~> 4.0.2'
|
13
|
+
|
14
|
+
gem 'rake'
|
15
|
+
|
16
|
+
gem 'sidekiq', '>= 2.13.0'
|
17
|
+
|
18
|
+
platforms :rbx do
|
19
|
+
gem 'minitest'
|
20
|
+
gem 'racc'
|
21
|
+
gem 'rubinius-developer_tools'
|
22
|
+
gem 'rubysl', '~> 2.0' if RUBY_VERSION.start_with?('2') # rubysl doesn't yet support Ruby 3.x
|
23
|
+
end
|
24
|
+
|
25
|
+
gem 'sucker_punch', '~> 2.0'
|
26
|
+
|
27
|
+
# We need last sinatra that uses rack 2.x
|
28
|
+
gem 'sinatra', :git => 'https://github.com/sinatra/sinatra'
|
29
|
+
|
30
|
+
gem 'database_cleaner'
|
31
|
+
gem 'codacy-coverage'
|
32
|
+
gem 'delayed_job', '4.1.9', :require => false
|
33
|
+
gem 'generator_spec'
|
34
|
+
gem 'girl_friday', '>= 0.11.1'
|
35
|
+
gem 'redis'
|
36
|
+
gem 'resque'
|
37
|
+
gem 'secure_headers', '~> 6.3.2', :require => false
|
38
|
+
gem 'simplecov'
|
39
|
+
|
40
|
+
unless is_jruby
|
41
|
+
# JRuby doesn't support fork, which is required for this test helper.
|
42
|
+
gem 'rspec-command'
|
43
|
+
end
|
44
|
+
|
45
|
+
gem 'mime-types'
|
46
|
+
|
47
|
+
gem 'webmock', :require => false
|
48
|
+
|
49
|
+
gem 'aws-sdk-sqs'
|
50
|
+
gem 'shoryuken'
|
51
|
+
|
52
|
+
gem 'capistrano', :require => false
|
53
|
+
|
54
|
+
gemspec :path => '../'
|
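Review bot: `gem 'sinatra', :git => 'https://github.com/sinatra/sinatra'` at new line 28 has no `:tag`/`:ref`, so this new rails61 gemfile resolves whatever the repository's default branch holds at install time; the comment above it ("We need last sinatra that uses rack 2.x") asserts a property an unpinned branch cannot guarantee, and the test run becomes both non-reproducible and exposed to any upstream change. rails50.gemfile in this same diff pins the same source with `:tag => 'v2.0.8'`; pin this one to the release or commit you actually intend, e.g. `gem 'sinatra', :git => 'https://github.com/sinatra/sinatra', :tag => '<SINATRA_TAG>'` (placeholder). The file-header line for this section is not on the page, so the path is inferred from the diffstat entry for data/gemfiles/rails61.gemfile.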
@@ -16,7 +16,9 @@ module Rollbar
|
|
16
16
|
if result[:success] && (deploy_id = result[:data] && result[:data][:deploy_id])
|
17
17
|
capistrano.set :rollbar_deploy_id, deploy_id
|
18
18
|
else
|
19
|
-
|
19
|
+
message = format_message('Unable to report deploy to Rollbar',
|
20
|
+
result[:message])
|
21
|
+
log_error(logger, message)
|
20
22
|
end
|
21
23
|
end
|
22
24
|
end
|
@@ -42,7 +44,7 @@ module Rollbar
|
|
42
44
|
yield
|
43
45
|
|
44
46
|
rescue StandardError => e
|
45
|
-
logger
|
47
|
+
log_error logger, "Error reporting to Rollbar: #{e.inspect}"
|
46
48
|
end
|
47
49
|
|
48
50
|
def deploy_update(capistrano, logger, dry_run, opts = {})
|
@@ -56,7 +58,9 @@ module Rollbar
|
|
56
58
|
if result[:success]
|
57
59
|
logger.info 'Updated deploy status in Rollbar'
|
58
60
|
else
|
59
|
-
|
61
|
+
message = format_message('Unable to update deploy status in Rollbar',
|
62
|
+
result[:message])
|
63
|
+
log_error(logger, message)
|
60
64
|
end
|
61
65
|
end
|
62
66
|
end
|
@@ -117,7 +121,7 @@ module Rollbar
|
|
117
121
|
if capistrano.fetch(:rollbar_deploy_id)
|
118
122
|
yield
|
119
123
|
else
|
120
|
-
logger
|
124
|
+
log_error logger, 'Failed to update the deploy in Rollbar. No deploy id available.'
|
121
125
|
end
|
122
126
|
end
|
123
127
|
|
@@ -134,6 +138,20 @@ module Rollbar
|
|
134
138
|
logger.debug result[:request_info]
|
135
139
|
logger.debug result[:response_info] if result[:response_info]
|
136
140
|
end
|
141
|
+
|
142
|
+
def format_message(*args)
|
143
|
+
args.compact.join(': ')
|
144
|
+
end
|
145
|
+
|
146
|
+
def log_error(logger, message)
|
147
|
+
# Capistrano 2.x doesn't have the #error method,
|
148
|
+
# so we use #important if #error isn't present
|
149
|
+
if logger.respond_to?(:error)
|
150
|
+
logger.error message
|
151
|
+
elsif logger.respond_to?(:important)
|
152
|
+
logger.important message
|
153
|
+
end
|
154
|
+
end
|
137
155
|
end
|
138
156
|
end
|
139
157
|
end
|
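Review bot: `log_error(logger, message)` in the last hunk silently drops the message when the logger responds to neither `:error` nor `:important`, so a failed deploy report can vanish from the deploy output with no trace; an `else` branch such as `else warn message` (Kernel#warn, to stderr) keeps the failure visible whatever logger Capistrano hands in. The two-line pattern `message = format_message(...); log_error(logger, message)` appears identically in the first and third hunks and could be one small helper taking the prefix and `result[:message]`. The methods enclosing the second and fourth hunks (`rescue StandardError => e` and the `capistrano.fetch(:rollbar_deploy_id)` branch) start outside their hunks.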
@@ -55,6 +55,7 @@ module Rollbar
|
|
55
55
|
attr_accessor :uncaught_exception_level
|
56
56
|
attr_accessor :scrub_headers
|
57
57
|
attr_accessor :sidekiq_threshold
|
58
|
+
attr_accessor :sidekiq_use_scoped_block
|
58
59
|
attr_reader :transform
|
59
60
|
attr_accessor :verify_ssl_peer
|
60
61
|
attr_accessor :use_async
|
@@ -75,6 +76,7 @@ module Rollbar
|
|
75
76
|
attr_accessor :files_processed_enabled
|
76
77
|
attr_accessor :files_processed_duration # seconds
|
77
78
|
attr_accessor :files_processed_size # bytes
|
79
|
+
attr_accessor :use_payload_access_token
|
78
80
|
|
79
81
|
attr_reader :project_gem_paths
|
80
82
|
attr_accessor :configured_options
|
@@ -138,6 +140,7 @@ module Rollbar
|
|
138
140
|
@uncaught_exception_level = 'error'
|
139
141
|
@scrub_headers = ['Authorization']
|
140
142
|
@sidekiq_threshold = 0
|
143
|
+
@sidekiq_use_scoped_block = false
|
141
144
|
@safely = false
|
142
145
|
@transform = []
|
143
146
|
@use_async = false
|
@@ -167,6 +170,7 @@ module Rollbar
|
|
167
170
|
@files_processed_enabled = false
|
168
171
|
@files_processed_duration = 60
|
169
172
|
@files_processed_size = 5 * 1000 * 1000
|
173
|
+
@use_payload_access_token = false
|
170
174
|
|
171
175
|
@configured_options = ConfiguredOptions.new(self)
|
172
176
|
end
|
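Review bot: `attr_accessor :use_payload_access_token` and its `@use_payload_access_token = false` default are added without any comment, although the flag changes where the credential lives: item.rb in this same diff copies `configuration.access_token` into `payload['access_token']` whenever it is true. Neighbouring accessors already carry inline notes (`# seconds`, `# bytes`), so the same style fits here, e.g. `attr_accessor :use_payload_access_token # when true the access token is copied into every payload so async senders see it; payload sinks then hold the credential`. `sidekiq_use_scoped_block` (first and third hunks) would also deserve a one-line comment, but the behaviour it controls lives in plugins/sidekiq/plugin.rb, which is outside this view.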
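--- a/data/lib/rollbar/item.rb
+++ b/data/lib/rollbar/item.rb
@@ -40,7 +40,7 @@ module Rollbar
 class << self
 def build_with(payload, options = {})
 new(options).tap do |item|
-item.payload = payload
+item.payload = item.add_access_token_to_payload(payload)
 end
 end
 end
@@ -64,9 +64,7 @@ module Rollbar
 
 def build
 data = build_data
-self.payload = {
-'data' => data
-}
+self.payload = add_access_token_to_payload({'data' => data})
 
 enforce_valid_utf8
 transform
@@ -166,6 +164,21 @@ module Rollbar
 configuration.ignored_person_ids.include?(person_id)
 end
 
+def add_access_token_to_payload(payload)
+# Some use cases remain where the token is needed in the payload. For example:
+#
+# When using async senders, if the access token is changed dynamically in
+# the main process config, the sender process won't see that change.
+#
+# Until the delayed sender interface is changed to allow passing dynamic config options,
+# this workaround allows the main process to set the token by adding it to the payload.
+if (configuration && configuration.use_payload_access_token)
+payload['access_token'] ||= configuration.access_token
+end
+
+payload
+end
+
 private
 
 def build_environment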
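Review bot: `add_access_token_to_payload` writes `configuration.access_token` into the payload hash itself, so whatever the async path serialises, queues, logs or persists (the Sidekiq/Resque/delayed_job integrations referenced elsewhere in this diff are candidates) now carries the project credential, and any downstream payload dump or scrubbing must treat `payload['access_token']` as secret. The method also mutates its argument: via `build_with`, the caller's hash gains an `'access_token'` key as a side effect, which matters if callers reuse or log that hash (not visible here). I'd state both consequences in the comment block, e.g. `# NOTE: the token then lives in the serialised payload; queue and log sinks must be trusted`, and consider `payload = payload.dup` before the write if callers are not meant to see the change. The parentheses around the `if` condition are redundant in Ruby: `if configuration && configuration.use_payload_access_token`.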
data/lib/rollbar/item/locals.rb
CHANGED
data/lib/rollbar/lazy_store.rb
CHANGED
@@ -41,8 +41,6 @@ module Rollbar
|
|
41
41
|
raw[key] = value
|
42
42
|
|
43
43
|
loaded_data.delete(key)
|
44
|
-
|
45
|
-
value
|
46
44
|
end
|
47
45
|
|
48
46
|
def data
|
@@ -76,8 +74,8 @@ module Rollbar
|
|
76
74
|
super
|
77
75
|
end
|
78
76
|
|
79
|
-
def
|
80
|
-
|
77
|
+
def respond_to_missing?(method_sym, include_all)
|
78
|
+
raw.respond_to?(method_sym, include_all)
|
81
79
|
end
|
82
80
|
end
|
83
81
|
end
|
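Review bot: `respond_to_missing?(method_sym, include_all)` in the second hunk gives its second parameter no default and never falls back to `super`, so a direct one-argument call raises ArgumentError and any name `raw` does not answer to is reported as unsupported even where Object would; the conventional form is `def respond_to_missing?(method_sym, include_all = false)` with body `raw.respond_to?(method_sym, include_all) || super`. The removed definition at old line 79 is truncated on this page to `def`, so I cannot confirm what exactly the new method replaces. The first hunk drops the trailing `value` from an assignment-style method whose `def` is outside the hunk; `obj[key] = value` syntax always yields the assigned value, so only explicit `send(:[]=, ...)` callers would observe the changed return, assuming that is the method in question.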
@@ -157,8 +157,7 @@ module Rollbar
|
|
157
157
|
def script_tag(content, env)
|
158
158
|
if (nonce = rails5_nonce(env))
|
159
159
|
script_tag_content = "\n<script type=\"text/javascript\" nonce=\"#{nonce}\">#{content}</script>"
|
160
|
-
elsif secure_headers_nonce
|
161
|
-
nonce = ::SecureHeaders.content_security_policy_script_nonce(::Rack::Request.new(env))
|
160
|
+
elsif (nonce = secure_headers_nonce(env))
|
162
161
|
script_tag_content = "\n<script type=\"text/javascript\" nonce=\"#{nonce}\">#{content}</script>"
|
163
162
|
else
|
164
163
|
script_tag_content = "\n<script type=\"text/javascript\">#{content}</script>"
|
@@ -172,29 +171,40 @@ module Rollbar
|
|
172
171
|
string
|
173
172
|
end
|
174
173
|
|
175
|
-
# Rails 5.2 Secure Content Policy
|
174
|
+
# Rails 5.2+ Secure Content Policy
|
176
175
|
def rails5_nonce(env)
|
177
|
-
|
178
|
-
|
179
|
-
# Rails will
|
180
|
-
#
|
181
|
-
#
|
182
|
-
|
176
|
+
req = ::ActionDispatch::Request.new(env)
|
177
|
+
|
178
|
+
# Rails will only return a nonce if the app has set a nonce generator.
|
179
|
+
# So if we get a valid nonce here, we know we should use it.
|
180
|
+
#
|
181
|
+
# Having both 'unsafe-inline' and a nonce is a valid and preferred
|
182
|
+
# browser compatibility configuration.
|
183
|
+
#
|
184
|
+
# If the script_src key is missing, Rails will not add the nonce to the headers,
|
185
|
+
# so we detect this and will not add it in this case.
|
183
186
|
req.respond_to?(:content_security_policy) &&
|
184
187
|
req.content_security_policy &&
|
185
188
|
req.content_security_policy.directives['script-src'] &&
|
186
|
-
!req.content_security_policy.directives['script-src'].include?("'unsafe-inline'") &&
|
187
189
|
req.content_security_policy_nonce
|
188
190
|
end
|
189
191
|
|
190
192
|
# Secure Headers gem
|
191
|
-
def secure_headers_nonce
|
192
|
-
|
193
|
+
def secure_headers_nonce(env)
|
194
|
+
req = ::Rack::Request.new(env)
|
195
|
+
|
196
|
+
return unless secure_headers(req).append_nonce?
|
197
|
+
|
198
|
+
::SecureHeaders.content_security_policy_script_nonce(req)
|
193
199
|
end
|
194
200
|
|
195
|
-
def secure_headers
|
201
|
+
def secure_headers(req)
|
196
202
|
return SecureHeadersFalse.new unless defined?(::SecureHeaders::Configuration)
|
197
203
|
|
204
|
+
# If the nonce key has been set, the app is using nonces for this request.
|
205
|
+
# If it hasn't, we shouldn't cause one to be added to script_src, so return now.
|
206
|
+
return SecureHeadersFalse.new unless secure_headers_nonce_key(req)
|
207
|
+
|
198
208
|
config = ::SecureHeaders::Configuration
|
199
209
|
|
200
210
|
secure_headers_cls = nil
|
@@ -212,6 +222,10 @@ module Rollbar
|
|
212
222
|
secure_headers_cls.new
|
213
223
|
end
|
214
224
|
|
225
|
+
def secure_headers_nonce_key(req)
|
226
|
+
defined?(::SecureHeaders::NONCE_KEY) && req.env[::SecureHeaders::NONCE_KEY]
|
227
|
+
end
|
228
|
+
|
215
229
|
class SecureHeadersResolver
|
216
230
|
def append_nonce?
|
217
231
|
csp_needs_nonce?(find_csp)
|
@@ -224,16 +238,12 @@ module Rollbar
|
|
224
238
|
end
|
225
239
|
|
226
240
|
def csp_needs_nonce?(csp)
|
227
|
-
!opt_out?(csp)
|
241
|
+
!opt_out?(csp)
|
228
242
|
end
|
229
243
|
|
230
244
|
def opt_out?(_csp)
|
231
245
|
raise NotImplementedError
|
232
246
|
end
|
233
|
-
|
234
|
-
def unsafe_inline?(csp)
|
235
|
-
csp[:script_src].to_a.include?("'unsafe-inline'")
|
236
|
-
end
|
237
247
|
end
|
238
248
|
|
239
249
|
class SecureHeadersFalse < SecureHeadersResolver
|
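Review bot: With `secure_headers_nonce(env)` now returning nil unless the request already carries `::SecureHeaders::NONCE_KEY` (`secure_headers(req)` in the second hunk), `script_tag` falls through to the nonce-less `<script>` branch for any SecureHeaders app that has not generated a nonce on this request; under a `script-src` without `'unsafe-inline'` the browser blocks that injected snippet and the Rollbar JS never loads, with nothing in the server log to explain it. I'd document this at the `else` branch of `script_tag`, e.g. `# No nonce available: under a strict CSP this inline tag is blocked client-side`, and, if the middleware has a logger (not visible here), emit a debug line so operators can correlate missing browser reports with their CSP. Both nonced branches interpolate the nonce unescaped into the attribute (existing code), which relies on both nonce sources continuing to produce attribute-safe base64 values and deserves a one-line comment. `script_tag` ends outside the first hunk.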