aboutsummaryrefslogtreecommitdiffstats
path: root/railties
diff options
context:
space:
mode:
authorKasper Timm Hansen <kaspth@gmail.com>2019-01-08 22:16:58 +0100
committerKasper Timm Hansen <kaspth@gmail.com>2019-01-08 22:16:58 +0100
commitf66a977fc7ae30d2a07124ad91924c4ee638a703 (patch)
treed81c2e6f6cff5e07eaa7977e767917569c2c90a9 /railties
parent842bc43f7f1cacf54b630e91de32f50456b1bff6 (diff)
downloadrails-f66a977fc7ae30d2a07124ad91924c4ee638a703.tar.gz
rails-f66a977fc7ae30d2a07124ad91924c4ee638a703.tar.bz2
rails-f66a977fc7ae30d2a07124ad91924c4ee638a703.zip
Revert "Merge pull request #34387 from yhirano55/rails_info_properties_json"
We had a discussion on the Core team and we don't want to expose this information as a JSON endpoint and not by default. It doesn't make sense to expose this JSON locally and this controller is only accessible in dev, so the proposed access from a production app seems off. This reverts commit 8eaffe7e89719ac62ff29c2e4208cfbeb1cd1c38, reversing changes made to b6e4305c3bca4c673996d0af9db0f4cfbf50215e.
Diffstat (limited to 'railties')
-rw-r--r--railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt4
-rw-r--r--railties/railties.gemspec3
-rw-r--r--railties/test/generators/app_generator_test.rb11
3 files changed, 0 insertions, 18 deletions
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt
index c517b0f96b..d3bcaa5ec8 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/content_security_policy.rb.tt
@@ -11,10 +11,6 @@
# policy.object_src :none
# policy.script_src :self, :https
# policy.style_src :self, :https
-<%- unless options[:skip_javascript] -%>
-# # If you are using webpack-dev-server then specify webpack-dev-server host
-# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development?
-<%- end -%>
# # Specify URI for violation reports
# # policy.report_uri "/csp-violation-report-endpoint"
diff --git a/railties/railties.gemspec b/railties/railties.gemspec
index 1bfb0dfe48..e7de51f52a 100644
--- a/railties/railties.gemspec
+++ b/railties/railties.gemspec
@@ -30,9 +30,6 @@ Gem::Specification.new do |s|
"changelog_uri" => "https://github.com/rails/rails/blob/v#{version}/railties/CHANGELOG.md"
}
- # NOTE: Please read our dependency guidelines before updating versions:
- # https://edgeguides.rubyonrails.org/security.html#dependency-management-and-cves
-
s.add_dependency "activesupport", version
s.add_dependency "actionpack", version
diff --git a/railties/test/generators/app_generator_test.rb b/railties/test/generators/app_generator_test.rb
index 47e401c34f..a421ac326d 100644
--- a/railties/test/generators/app_generator_test.rb
+++ b/railties/test/generators/app_generator_test.rb
@@ -230,14 +230,6 @@ class AppGeneratorTest < Rails::Generators::TestCase
assert_equal "false\n", output
end
- def test_csp_initializer_include_connect_src_example
- run_generator
-
- assert_file "config/initializers/content_security_policy.rb" do |content|
- assert_match(/# policy\.connect_src/, content)
- end
- end
-
def test_app_update_keep_the_cookie_serializer_if_it_is_already_configured
app_root = File.join(destination_root, "myapp")
run_generator [app_root]
@@ -845,9 +837,6 @@ class AppGeneratorTest < Rails::Generators::TestCase
end
assert_no_gem "webpacker"
- assert_file "config/initializers/content_security_policy.rb" do |content|
- assert_no_match(/policy\.connect_src/, content)
- end
end
def test_webpack_option_with_js_framework