Commit Graph

644 Commits

Author SHA1 Message Date
e86e56dce9 Update puma.rb to match current Rails template 2023-01-14 19:42:26 +01:00
3bae99dd13 Update documentation for Shakapacker
Also include new default values.
2023-01-02 10:33:38 +01:00
bf077ef478 Fix rubocop offenses 2022-12-09 13:11:46 +01:00
09a7c83d51 Add new syntax error to German linter translation
Fixes CODEOCEAN-FJ
2022-12-07 23:22:48 +01:00
65c95a1f1c Expire all assets to enable SRI
Otherwise, many browsers show issues with caching
2022-12-06 21:23:02 +01:00
73237412ed Compress JS and CSS files for production 2022-12-06 01:27:51 +01:00
8147669173 Actually enable SRI for all websocket assets
Without this setting, no SRI hashes are added to the assets.
2022-12-05 18:21:22 +01:00
48d9863090 Explicitly require prometheus/record during initialization 2022-12-04 15:27:55 +01:00
90b30e2bf7 Upgrade to Rails 7.0 and apply new framework defaults
* Remove `send_stream` method pulled in before upgrading Rails
* Remove spring, it is no longer included by default for new apps
* Remove deprecated options from environments
* Remove old asset paths and workarounds no longer needed
* Remove unnecessary `OAUTH_10_SUPPORT` const, LTI still uses OAuth 1.0
* Dump schema with new defaults (and specify precision for timestamps where needed)
2022-12-04 15:21:59 +01:00
ffe96d9223 Remove I18n.translation_present? monkey patch 2022-12-04 15:03:28 +01:00
574e99eddd Fix rubocop offenses - Requires Ruby 3.1+ 2022-11-25 11:10:06 +01:00
bf5781f90d exclude model from rails admin, add possible performance solution (remove all associations from list) 2022-11-24 22:59:12 +01:00
aecd7b8231 Bump rails_admin from 2.2.1 to 3.1.0
Bumps [rails_admin](https://github.com/sferik/rails_admin) from 2.2.1 to 3.1.0.
- [Release notes](https://github.com/sferik/rails_admin/releases)
- [Changelog](https://github.com/railsadminteam/rails_admin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sferik/rails_admin/compare/v2.2.1...v3.1.0)

---
updated-dependencies:
- dependency-name: rails_admin
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-24 22:59:12 +01:00
d84c35dce2 Add environment variables for time zone and log level 2022-11-21 15:08:03 +01:00
e93d6f270d Update Sentry's op name (required for sentry-rails 5.6.0+)
See https://github.com/getsentry/sentry-ruby/releases/tag/5.6.0
2022-11-17 00:29:46 +01:00
f17718f69f CSP: Extract JavaScript from layout to assets
Fixes CODEOCEAN-CP
2022-11-16 19:47:58 +01:00
a9c642a116 CSP: Extract RfC JS from view to assets
Relates to CODEOCEAN-CP
2022-11-16 19:47:58 +01:00
b9f3126f21 CSP: Remove global this in webpack
Also refactor how we handle global namespace objects.

Fixes CODEOCEAN-DV
2022-11-16 19:47:58 +01:00
e0bce2071e CSP: Allow Webworkers for ACE
Fixes CODEOCEAN-EQ
2022-11-16 19:47:58 +01:00
064494c161 Add note on disallowed character for command 2022-11-02 14:12:59 +01:00
58548555a5 Shell: Add file system browser to retrieve arbitrary files 2022-10-29 18:49:18 +02:00
60078701f5 Editor: Allow file retrieval after code run 2022-10-29 18:49:18 +02:00
dd1f4b0ac8 Merge pull request #939 from openHPI/refactor_proforma_import_export
Refactor Proforma Import/Export
2022-10-26 17:58:48 +02:00
b3d8d82a3c Fix file regex in routes, once again.
* We take everything after the well-known path as a filename, and hence allow everything.
2022-10-04 16:07:00 +02:00
46a6c3f3b6 Add new Linter translation for non-default arguments
FIXES CODEOCEAN-DP
2022-09-26 18:03:22 +02:00
9dbe5ae8aa Allow space in filename 2022-09-26 17:52:20 +02:00
4e2dbae2da Allow dash (-) in file names 2022-09-25 01:12:10 +02:00
eb188dcd71 Add privilegedExecution flag to database and Poseidon Strategy 2022-09-24 22:32:41 +02:00
b866221353 rename route 2022-09-24 21:08:18 +02:00
16c00ec136 Add support for signed URLs used by the render_file function 2022-09-23 21:35:22 +02:00
ac3dc8d30f Allow platform admins and internal users to switch their current study group 2022-09-22 19:24:26 +02:00
2e3480a068 Display study_groups in the show view of internal and external users 2022-09-22 19:24:26 +02:00
4d2fe22daf Allow assignment of study groups for internal users 2022-09-22 19:24:26 +02:00
998a12e6bc Adjust filter for platform_admin user search and update views 2022-09-22 19:24:26 +02:00
f5758ecb5e Capitalize app names in locales 2022-09-21 09:56:07 +02:00
d02a1eae81 Validate password strength for internal users 2022-09-14 12:19:25 +02:00
f1aa004284 Use controller method for 404 responses 2022-09-14 01:01:14 +02:00
dba3aac800 Merge branch 'master' into refactor_proforma_import_export 2022-09-13 22:47:50 +02:00
80419db868 [CSP] Prevent use of unsafe-inline for links
* Also update all <a> tags in locals
2022-09-07 21:42:07 +02:00
0d40cdd03a [CSP] Allow 'self' as base-uri 2022-09-07 21:41:09 +02:00
d1ab0a6d86 [CSP] Add documentation about connect_src for WebSocket 2022-09-06 13:57:29 +02:00
2028e636a3 Use SameSite=Lax for LTI login 2022-09-06 13:28:12 +02:00
fe0ad7a79d Add Feature-Policy header
The header has been renamed to Permissions-Policy, but Rails has no support so far.
2022-09-06 11:21:38 +02:00
7f0d8b63f9 Use Cookie Prefix in Production and Staging 2022-09-06 11:21:38 +02:00
9e08f3a6a8 Enable Subresource Integrity 2022-09-06 11:21:37 +02:00
51e9daf930 Enable HSTS preload in app 2022-09-06 11:21:37 +02:00
a2bb2844b4 Add a Content Security Policy 2022-09-06 11:20:57 +02:00
fe41d44548 Use SameSite strict for cookies 2022-09-06 11:20:56 +02:00
0a16f589e9 Use X-Sendfile to transmit native files and handle file uploads 2022-09-06 01:21:40 +02:00
1e47f62472 Remove web_console setting from staging.rb 2022-08-24 13:18:09 +02:00