diff options
author | Kasper Timm Hansen <kaspth@gmail.com> | 2019-01-08 22:19:22 +0100 |
---|---|---|
committer | Kasper Timm Hansen <kaspth@gmail.com> | 2019-01-08 22:19:22 +0100 |
commit | 647d7e61679ac4c28c081532ad0a0d7e1f80482b (patch) | |
tree | 45c2dc066c3268392e021cf71d65be9d09837d9a /railties | |
parent | f66a977fc7ae30d2a07124ad91924c4ee638a703 (diff) | |
download | rails-647d7e61679ac4c28c081532ad0a0d7e1f80482b.tar.gz rails-647d7e61679ac4c28c081532ad0a0d7e1f80482b.tar.bz2 rails-647d7e61679ac4c28c081532ad0a0d7e1f80482b.zip |
Revert "Revert "Merge pull request #34387 from yhirano55/rails_info_properties_json""
I reverted the wrong commit. Damn it.
This reverts commit f66a977fc7ae30d2a07124ad91924c4ee638a703.
Diffstat (limited to 'railties')
3 files changed, 18 insertions, 0 deletions
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt index d3bcaa5ec8..c517b0f96b 100644 --- a/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt +++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt @@ -11,6 +11,10 @@ # policy.object_src :none # policy.script_src :self, :https # policy.style_src :self, :https +<%- unless options[:skip_javascript] -%> +# # If you are using webpack-dev-server then specify webpack-dev-server host +# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development? +<%- end -%> # # Specify URI for violation reports # # policy.report_uri "/csp-violation-report-endpoint" diff --git a/railties/railties.gemspec b/railties/railties.gemspec index e7de51f52a..1bfb0dfe48 100644 --- a/railties/railties.gemspec +++ b/railties/railties.gemspec @@ -30,6 +30,9 @@ Gem::Specification.new do |s| "changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/railties/CHANGELOG.md" } + # NOTE: Please read our dependency guidelines before updating versions: + # https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves + s.add_dependency "activesupport", version s.add_dependency "actionpack", version diff --git a/railties/test/generators/app_generator_test.rb b/railties/test/generators/app_generator_test.rb index a421ac326d..47e401c34f 100644 --- a/railties/test/generators/app_generator_test.rb +++ b/railties/test/generators/app_generator_test.rb @@ -230,6 +230,14 @@ class AppGeneratorTest < Rails::Generators::TestCase assert_equal "false\n", output end + def test_csp_initializer_include_connect_src_example + run_generator + + assert_file "config/initializers/content_security_policy.rb" do |content| + assert_match(/# policy\.connect_src/, content) + end + end + def test_app_update_keep_the_cookie_serializer_if_it_is_already_configured app_root = File.join(destination_root, "myapp") run_generator [app_root] @@ -837,6 +845,9 @@ class AppGeneratorTest < Rails::Generators::TestCase end assert_no_gem "webpacker" + assert_file "config/initializers/content_security_policy.rb" do |content| + assert_no_match(/policy\.connect_src/, content) + end end def test_webpack_option_with_js_framework |