htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,068 Commits 2 Branches 0 Tags
d68b91daa0207cb44aa1f3ff67f204ed2f477c9d
Commit Graph

116 Commits

Author SHA1 Message Date
Sebastian Serth
11f1845436 CSP: Explicitly add child_src for older browsers 2024-04-26 20:17:07 +02:00
Sebastian Serth
545dcd0b92 Adapt CSP for new ToastUi editor 
See #2242
 2024-04-26 13:37:25 +02:00
Sebastian Serth
b37e1b19c3 Update Content Security Policy and enable Sandbox 
- Add new directives
- Remove deprecated options
- Enable Sandbox
 2024-04-26 13:37:25 +02:00
Sebastian Serth
1e30f18e87 Update Permissions Policy to include latest additions 
Further, we remove an outdated comment on the `speaker` directive, that was removed some time ago (and is deprecated).
 2024-04-26 13:37:25 +02:00
Sebastian Serth
790186a1a1 Resolve Tubesock deprecation warnings 2024-02-26 14:34:42 +01:00
Sebastian Serth
7a1330323c Fix Sorcery conflict for redirect_back_or_to 
See https://github.com/Sorcery/sorcery/issues/296
 2024-01-19 11:06:40 +01:00
Sebastian Serth
f0c34bab5a Keep trailing whitespaces in Ransack searches 2024-01-16 21:31:48 +01:00
Sebastian Serth
68a0ae3248 Remove temporary monkey patch for Mnemosyne 2023-11-28 18:13:31 +01:00
Sebastian Serth
1fb5e45202 Monkey Patch Mnemosyne until Rails 7.1 support landed 
See https://github.com/mnemosyne-mon/mnemosyne-ruby/pull/70
 2023-11-24 16:28:53 +01:00
Sebastian Serth
4e3b66ff76 Remove monkey patch for Slim with Rails 7.1 2023-11-11 20:43:52 +01:00
Sebastian Serth
7e66ed1c36 Disable Gravatar in Rails Admin 2023-10-29 15:30:54 +01:00
Sebastian Serth
28d9e38fe5 Upgrade to Rails 7.1 and apply new framework defaults 
* Remove deprecated options from environments
* Remove deprecation warnings for upcoming Rails 7.2
* Dump schema with new defaults
* Remove outdated (and erroneous) data attribute in view
* Resolve a `NoMethodError` for seeds_spec.rb
 2023-10-27 16:50:27 +02:00
Sebastian Serth
3aeef7ebdd CSP: Refactor custom settings to ease further expansion 
* This change is introduced due to a corresponding change in CodeHarbor to allow SSO there.
 2023-10-13 13:19:03 +02:00
Sebastian Serth
c232a418f4 CSP: Recognize ACE of using data: images 2023-10-13 00:14:38 +02:00
Sebastian Serth
99bd46af1a Align project files with CodeHarbor 
Since both projects are developed together and by the same team, we also want to have the same code structure and utility methods available in both projects. Therefore, this commit changes many files, but without a functional change.
 2023-10-11 00:18:33 +02:00
Sebastian Serth
4879c0172a CSP: Allow extending directives with 'none' 2023-10-08 13:46:32 +02:00
Sebastian Serth
1bba4a006a Sentry: Check for span description before applying gsub! 2023-09-20 15:32:17 +02:00
Sebastian Serth
7deea1ddac Fix invalid timestamps for breadcrumbs in Sentry 
See https://github.com/getsentry/sentry-ruby/issues/1874
 2023-09-19 11:17:17 +02:00
Sebastian Serth
245c3dba8c Update from proforma to proformaxml 2023-08-24 00:14:41 +02:00
Sebastian Serth
3b4fc0a5ec Fix ActionCable load error due to custom inflection for middleware 2023-08-16 17:11:23 +02:00
Sebastian Serth
d1a0012d4f Overwrite Bootstrap Link Renderer for WillPaginate 
Without this fix, the new will_paginate version is not compatible with the old version of bootstrap-will_paginate. This issue is also tracked here: https://github.com/mislav/will_paginate/issues/649

Fixes CODEOCEAN-QK
 2023-06-14 14:43:18 +02:00
Sebastian Serth
240fbc5a3b Add Sentry instrumentation for JavaScript 2023-05-09 22:10:40 +02:00
Sebastian Serth
f037c5e961 Enable performance profiling for Sentry 2023-05-03 14:47:56 +02:00
Sebastian Serth
62f96704de Prepare Profiling with Sentry 2023-04-25 23:14:43 +02:00
Sebastian Serth
7fe0fc02e2 Set Sentry context for RailsAdmin 2023-02-21 11:35:29 +01:00
Sebastian Serth
ee63166af7 Sentry: Replace UUIDs with * in URLs 2023-02-16 10:50:01 +01:00
Sebastian Serth
b0c84b190d Enable breadcrumbs and more details for Sentry 2023-02-10 00:38:45 +01:00
Sebastian Serth
750c59ca6a Increase sample rate for Sentry and introduce ENV variable 2023-02-09 19:32:03 +01:00
Sebastian Serth
bf077ef478 Fix rubocop offenses 2022-12-09 13:11:46 +01:00
Sebastian Serth
65c95a1f1c Expire all assets to enable SRI 
Otherwise, many browsers show issues with caching
 2022-12-06 21:23:02 +01:00
Sebastian Serth
48d9863090 Explicitly require prometheus/record during initialization 2022-12-04 15:27:55 +01:00
dependabot[bot]
90b30e2bf7 Upgrade to Rails 7.0 and apply new framework defaults 
* Remove `send_stream` method pulled in before upgrading Rails
* Remove spring, it is no longer included by default for new apps
* Remove deprecated options from environments
* Remove old asset paths and workarounds no longer needed
* Remove unnecessary `OAUTH_10_SUPPORT` const, LTI still uses OAuth 1.0
* Dump schema with new defaults (and specify precision for timestamps where needed)
 2022-12-04 15:21:59 +01:00
Sebastian Serth
ffe96d9223 Remove I18n.translation_present? monkey patch 2022-12-04 15:03:28 +01:00
Karol
bf5781f90d exclude model from rails admin, add possible performance solution (remove all associations from list) 2022-11-24 22:59:12 +01:00
dependabot[bot]
aecd7b8231 Bump rails_admin from 2.2.1 to 3.1.0 
Bumps [rails_admin](https://github.com/sferik/rails_admin) from 2.2.1 to 3.1.0.
- [Release notes](https://github.com/sferik/rails_admin/releases)
- [Changelog](https://github.com/railsadminteam/rails_admin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sferik/rails_admin/compare/v2.2.1...v3.1.0)

---
updated-dependencies:
- dependency-name: rails_admin
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-24 22:59:12 +01:00
Sebastian Serth
e93d6f270d Update Sentry's op name (required for sentry-rails 5.6.0+ 
See https://github.com/getsentry/sentry-ruby/releases/tag/5.6.0
 2022-11-17 00:29:46 +01:00
Sebastian Serth
f17718f69f CSP: Extract JavaScript from layout to assets 
Fixes CODEOCEAN-CP
 2022-11-16 19:47:58 +01:00
Sebastian Serth
e0bce2071e CSP: Allow Webworkers for ACE 
Fixes CODEOCEAN-EQ
 2022-11-16 19:47:58 +01:00
Sebastian Serth
16c00ec136 Add support for signed URLs used by the render_file function 2022-09-23 21:35:22 +02:00
Sebastian Serth
0d40cdd03a [CSP] Allow 'self' as base-uri 2022-09-07 21:41:09 +02:00
Sebastian Serth
2028e636a3 Use SameSite=Lax for LTI login 2022-09-06 13:28:12 +02:00
Sebastian Serth
fe0ad7a79d Add Feature-Policy header 
The header has been renamed to Permissions-Policy, but Rails has no support so far.
 2022-09-06 11:21:38 +02:00
Sebastian Serth
7f0d8b63f9 Use Cookie Prefix in Production and Staging 2022-09-06 11:21:38 +02:00
Sebastian Serth
a2bb2844b4 Add a Content Security Policy 2022-09-06 11:20:57 +02:00
Sebastian Serth
fe41d44548 Use SameSite strict for cookies 2022-09-06 11:20:56 +02:00
Sebastian Serth
d223abfb5e Update from webpacker v5 to shakapacker v6.0.0.rc13 
Using a two-step process is recommended:
332e25186a/docs/v6_upgrade.md
 2022-08-12 10:22:55 +02:00
dependabot[bot]
727f85841d Bump i18n-js from 3.9.2 to 4.0.0 
Bumps [i18n-js](https://github.com/fnando/i18n-js) from 3.9.2 to 4.0.0.
- [Release notes](https://github.com/fnando/i18n-js/releases)
- [Changelog](https://github.com/fnando/i18n-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fnando/i18n-js/compare/v3.9.2...v4.0.0)

---
updated-dependencies:
- dependency-name: i18n-js
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-09 10:11:36 +02:00
Sebastian Serth
5707e4c914 Use secure cookies for production and staging 2022-07-15 00:35:09 +02:00
Sebastian Serth
b613267add Remove legacy DockerClient 2022-06-08 13:18:37 +02:00
Sebastian Serth
038864e4b4 Fix Rubocop offenses 2022-04-24 18:18:16 +02:00