119 Commits

Author SHA1 Message Date
76d464e9dd Content Security Policy for iFrame embedding 2024-09-20 04:25:57 -04:00
fea8b5d6f6 Migrate RailsAdmin assets to Shakapacker
Resolves an issue with a strict CSP disabling inline `data` images. With Shakapacker and our current webpack config, we extract inline `data` images to dedicated files, thus resolving the issue.
2024-06-17 15:25:21 +02:00
65416934ea Explicitly specify depend_on relationship between assets and config 2024-05-21 21:56:31 +02:00
11f1845436 CSP: Explicitly add child_src for older browsers 2024-04-26 20:17:07 +02:00
545dcd0b92 Adapt CSP for new ToastUi editor
See #2242
2024-04-26 13:37:25 +02:00
b37e1b19c3 Update Content Security Policy and enable Sandbox
- Add new directives
- Remove deprecated options
- Enable Sandbox
2024-04-26 13:37:25 +02:00
1e30f18e87 Update Permissions Policy to include latest additions
Further, we remove an outdated comment on the `speaker` directive, which was removed some time ago (and is deprecated).
2024-04-26 13:37:25 +02:00
790186a1a1 Resolve Tubesock deprecation warnings 2024-02-26 14:34:42 +01:00
7a1330323c Fix Sorcery conflict for redirect_back_or_to
See https://github.com/Sorcery/sorcery/issues/296
2024-01-19 11:06:40 +01:00
f0c34bab5a Keep trailing whitespaces in Ransack searches 2024-01-16 21:31:48 +01:00
68a0ae3248 Remove temporary monkey patch for Mnemosyne 2023-11-28 18:13:31 +01:00
1fb5e45202 Monkey Patch Mnemosyne until Rails 7.1 support landed
See https://github.com/mnemosyne-mon/mnemosyne-ruby/pull/70
2023-11-24 16:28:53 +01:00
4e3b66ff76 Remove monkey patch for Slim with Rails 7.1 2023-11-11 20:43:52 +01:00
7e66ed1c36 Disable Gravatar in Rails Admin 2023-10-29 15:30:54 +01:00
28d9e38fe5 Upgrade to Rails 7.1 and apply new framework defaults
* Remove deprecated options from environments
* Remove deprecation warnings for upcoming Rails 7.2
* Dump schema with new defaults
* Remove outdated (and erroneous) data attribute in view
* Resolve a `NoMethodError` for seeds_spec.rb
2023-10-27 16:50:27 +02:00
3aeef7ebdd CSP: Refactor custom settings to ease further expansion
* This change is introduced due to a corresponding change in CodeHarbor to allow SSO there.
2023-10-13 13:19:03 +02:00
c232a418f4 CSP: Recognize ACE of using data: images 2023-10-13 00:14:38 +02:00
99bd46af1a Align project files with CodeHarbor
Since both projects are developed together and by the same team, we also want to have the same code structure and utility methods available in both projects. Therefore, this commit changes many files, but without a functional change.
2023-10-11 00:18:33 +02:00
4879c0172a CSP: Allow extending directives with 'none' 2023-10-08 13:46:32 +02:00
1bba4a006a Sentry: Check for span description before applying gsub! 2023-09-20 15:32:17 +02:00
7deea1ddac Fix invalid timestamps for breadcrumbs in Sentry
See https://github.com/getsentry/sentry-ruby/issues/1874
2023-09-19 11:17:17 +02:00
245c3dba8c Update from proforma to proformaxml 2023-08-24 00:14:41 +02:00
3b4fc0a5ec Fix ActionCable load error due to custom inflection for middleware 2023-08-16 17:11:23 +02:00
d1a0012d4f Overwrite Bootstrap Link Renderer for WillPaginate
Without this fix, the new will_paginate version is not compatible with the old version of bootstrap-will_paginate. This issue is also tracked here: https://github.com/mislav/will_paginate/issues/649

Fixes CODEOCEAN-QK
2023-06-14 14:43:18 +02:00
240fbc5a3b Add Sentry instrumentation for JavaScript 2023-05-09 22:10:40 +02:00
f037c5e961 Enable performance profiling for Sentry 2023-05-03 14:47:56 +02:00
62f96704de Prepare Profiling with Sentry 2023-04-25 23:14:43 +02:00
7fe0fc02e2 Set Sentry context for RailsAdmin 2023-02-21 11:35:29 +01:00
ee63166af7 Sentry: Replace UUIDs with * in URLs 2023-02-16 10:50:01 +01:00
b0c84b190d Enable breadcrumbs and more details for Sentry 2023-02-10 00:38:45 +01:00
750c59ca6a Increase sample rate for Sentry and introduce ENV variable 2023-02-09 19:32:03 +01:00
bf077ef478 Fix rubocop offenses 2022-12-09 13:11:46 +01:00
65c95a1f1c Expire all assets to enable SRI
Otherwise, many browsers show issues with caching
2022-12-06 21:23:02 +01:00
48d9863090 Explicitly require prometheus/record during initialization 2022-12-04 15:27:55 +01:00
90b30e2bf7 Upgrade to Rails 7.0 and apply new framework defaults
* Remove `send_stream` method pulled in before upgrading Rails
* Remove spring, it is no longer included by default for new apps
* Remove deprecated options from environments
* Remove old asset paths and workarounds no longer needed
* Remove unnecessary `OAUTH_10_SUPPORT` const, LTI still uses OAuth 1.0
* Dump schema with new defaults (and specify precision for timestamps where needed)
2022-12-04 15:21:59 +01:00
ffe96d9223 Remove I18n.translation_present? monkey patch 2022-12-04 15:03:28 +01:00
bf5781f90d exclude model from rails admin, add possible performance solution (remove all associations from list) 2022-11-24 22:59:12 +01:00
aecd7b8231 Bump rails_admin from 2.2.1 to 3.1.0
Bumps [rails_admin](https://github.com/sferik/rails_admin) from 2.2.1 to 3.1.0.
- [Release notes](https://github.com/sferik/rails_admin/releases)
- [Changelog](https://github.com/railsadminteam/rails_admin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sferik/rails_admin/compare/v2.2.1...v3.1.0)

---
updated-dependencies:
- dependency-name: rails_admin
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-24 22:59:12 +01:00
e93d6f270d Update Sentry's op name (required for sentry-rails 5.6.0+)
See https://github.com/getsentry/sentry-ruby/releases/tag/5.6.0
2022-11-17 00:29:46 +01:00
f17718f69f CSP: Extract JavaScript from layout to assets
Fixes CODEOCEAN-CP
2022-11-16 19:47:58 +01:00
e0bce2071e CSP: Allow Webworkers for ACE
Fixes CODEOCEAN-EQ
2022-11-16 19:47:58 +01:00
16c00ec136 Add support for signed URLs used by the render_file function 2022-09-23 21:35:22 +02:00
0d40cdd03a [CSP] Allow 'self' as base-uri 2022-09-07 21:41:09 +02:00
2028e636a3 Use SameSite=Lax for LTI login 2022-09-06 13:28:12 +02:00
fe0ad7a79d Add Feature-Policy header
The header has been renamed to Permissions-Policy, but Rails has no support so far.
2022-09-06 11:21:38 +02:00
7f0d8b63f9 Use Cookie Prefix in Production and Staging 2022-09-06 11:21:38 +02:00
a2bb2844b4 Add a Content Security Policy 2022-09-06 11:20:57 +02:00
fe41d44548 Use SameSite strict for cookies 2022-09-06 11:20:56 +02:00
d223abfb5e Update from webpacker v5 to shakapacker v6.0.0.rc13
Using a two-step process is recommended:
332e25186a/docs/v6_upgrade.md
2022-08-12 10:22:55 +02:00
727f85841d Bump i18n-js from 3.9.2 to 4.0.0
Bumps [i18n-js](https://github.com/fnando/i18n-js) from 3.9.2 to 4.0.0.
- [Release notes](https://github.com/fnando/i18n-js/releases)
- [Changelog](https://github.com/fnando/i18n-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fnando/i18n-js/compare/v3.9.2...v4.0.0)

---
updated-dependencies:
- dependency-name: i18n-js
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-09 10:11:36 +02:00