slimmer 18.0.0 → 18.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/slimmer/app.rb +2 -4
- data/lib/slimmer/processors/nonce_inserter.rb +21 -0
- data/lib/slimmer/skin.rb +1 -0
- data/lib/slimmer/version.rb +1 -1
- data/lib/slimmer.rb +1 -0
- metadata +7 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5c83a7a1a6f6cc3aa308937371b5bd5ed83640dc639f3601ad13b42f85e34b9e
|
|
4
|
+
data.tar.gz: '0862dc4f349e0b6ec12c8151cfe6be98ab06635ec58a947ac1e3a90d16fc28d7'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2f323c8d68bf3bf70e5127f1ac2ce00921b39b4f3f0ec16ca1675675b69ce2db802c75f3f5c0baa38ba6261b708579d42419f4fa5304b79e935345872c4ab42e
|
|
7
|
+
data.tar.gz: a56a4d1fc87d64c1d7c54f7fc18fbc235871584f43d63071e24d93620239a219bcaa057b795892e0bb71a8833b0b6e6862201cf254054db179185f224f9a466d
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,12 @@
|
|
|
1
|
+
# 18.2.0
|
|
2
|
+
|
|
3
|
+
* Drop support for Ruby 2.7.
|
|
4
|
+
* Update reference to deprecated Rack::Utils::HeaderHash
|
|
5
|
+
|
|
6
|
+
# 18.1.0
|
|
7
|
+
|
|
8
|
+
* Decorate inline script elements with nonce attribute for appropriately configured Rails requests
|
|
9
|
+
|
|
1
10
|
# 18.0.0
|
|
2
11
|
|
|
3
12
|
* BREAKING: Drop support for determining Rails < 6 application names
|
data/lib/slimmer/app.rb
CHANGED
|
@@ -42,7 +42,7 @@ module Slimmer
|
|
|
42
42
|
end
|
|
43
43
|
|
|
44
44
|
def response_can_be_rewritten?(status, headers)
|
|
45
|
-
Rack::
|
|
45
|
+
Rack::Headers.new.merge(headers)["Content-Type"] =~ /text\/html/ && ![301, 302, 304].include?(status)
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
def skip_slimmer?(env, response)
|
|
@@ -93,9 +93,7 @@ module Slimmer
|
|
|
93
93
|
end
|
|
94
94
|
|
|
95
95
|
def strip_slimmer_headers(headers)
|
|
96
|
-
|
|
97
|
-
# of extra states not copied. Can be removed once Ruby < 3.1 support is removed.
|
|
98
|
-
headers.to_h.reject { |k, _v| k =~ /\A#{Headers::HEADER_PREFIX}/ }
|
|
96
|
+
headers.reject { |k, _v| k =~ /\A#{Headers::HEADER_PREFIX}/i }
|
|
99
97
|
end
|
|
100
98
|
end
|
|
101
99
|
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module Slimmer::Processors
|
|
2
|
+
class NonceInserter
|
|
3
|
+
def initialize(env)
|
|
4
|
+
# As Rails is an optional dependency of this gem quietly do nothing if Rails
|
|
5
|
+
# classes don't exist.
|
|
6
|
+
@nonce = if defined?(ActionDispatch::Request)
|
|
7
|
+
ActionDispatch::Request.new(env).content_security_policy_nonce
|
|
8
|
+
end
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def filter(_src, dest)
|
|
12
|
+
return unless @nonce
|
|
13
|
+
|
|
14
|
+
# Add the nonce attribute to script elements that don't have a src attribute
|
|
15
|
+
# we expect those with src to be on a CSP host allow list
|
|
16
|
+
dest.css("script:not([src])").each do |script|
|
|
17
|
+
script["nonce"] = @nonce
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
data/lib/slimmer/skin.rb
CHANGED
|
@@ -104,6 +104,7 @@ module Slimmer
|
|
|
104
104
|
template_wrapper_id = "wrapper" # All templates in Static use `#wrapper`
|
|
105
105
|
|
|
106
106
|
processors = [
|
|
107
|
+
Processors::NonceInserter.new(source_request.env), # for security, this needs to be run before any application HTML is inserted
|
|
107
108
|
Processors::TitleInserter.new,
|
|
108
109
|
Processors::TagMover.new,
|
|
109
110
|
Processors::ConditionalCommentMover.new,
|
data/lib/slimmer/version.rb
CHANGED
data/lib/slimmer.rb
CHANGED
|
@@ -38,6 +38,7 @@ module Slimmer
|
|
|
38
38
|
autoload :ConditionalCommentMover, "slimmer/processors/conditional_comment_mover"
|
|
39
39
|
autoload :FeedbackURLSwapper, "slimmer/processors/feedback_url_swapper"
|
|
40
40
|
autoload :MetadataInserter, "slimmer/processors/metadata_inserter"
|
|
41
|
+
autoload :NonceInserter, "slimmer/processors/nonce_inserter"
|
|
41
42
|
autoload :HeaderContextInserter, "slimmer/processors/header_context_inserter"
|
|
42
43
|
autoload :InsideHeaderInserter, "slimmer/processors/inside_header_inserter"
|
|
43
44
|
autoload :SearchPathSetter, "slimmer/processors/search_path_setter"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: slimmer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 18.
|
|
4
|
+
version: 18.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- GOV.UK Dev
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-10-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: json
|
|
@@ -170,14 +170,14 @@ dependencies:
|
|
|
170
170
|
requirements:
|
|
171
171
|
- - '='
|
|
172
172
|
- !ruby/object:Gem::Version
|
|
173
|
-
version: 4.
|
|
173
|
+
version: 4.12.0
|
|
174
174
|
type: :development
|
|
175
175
|
prerelease: false
|
|
176
176
|
version_requirements: !ruby/object:Gem::Requirement
|
|
177
177
|
requirements:
|
|
178
178
|
- - '='
|
|
179
179
|
- !ruby/object:Gem::Version
|
|
180
|
-
version: 4.
|
|
180
|
+
version: 4.12.0
|
|
181
181
|
- !ruby/object:Gem::Dependency
|
|
182
182
|
name: webmock
|
|
183
183
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -216,6 +216,7 @@ files:
|
|
|
216
216
|
- lib/slimmer/processors/header_context_inserter.rb
|
|
217
217
|
- lib/slimmer/processors/inside_header_inserter.rb
|
|
218
218
|
- lib/slimmer/processors/metadata_inserter.rb
|
|
219
|
+
- lib/slimmer/processors/nonce_inserter.rb
|
|
219
220
|
- lib/slimmer/processors/search_parameter_inserter.rb
|
|
220
221
|
- lib/slimmer/processors/search_path_setter.rb
|
|
221
222
|
- lib/slimmer/processors/search_remover.rb
|
|
@@ -243,14 +244,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
243
244
|
requirements:
|
|
244
245
|
- - ">"
|
|
245
246
|
- !ruby/object:Gem::Version
|
|
246
|
-
version:
|
|
247
|
+
version: '3.0'
|
|
247
248
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
248
249
|
requirements:
|
|
249
250
|
- - ">="
|
|
250
251
|
- !ruby/object:Gem::Version
|
|
251
252
|
version: '0'
|
|
252
253
|
requirements: []
|
|
253
|
-
rubygems_version: 3.
|
|
254
|
+
rubygems_version: 3.4.21
|
|
254
255
|
signing_key:
|
|
255
256
|
specification_version: 4
|
|
256
257
|
summary: Thinner than the skinner
|