Update Recaptcha config, stricken CSP config for external services [SCI-11281] (#8043)

Alex Kriuchykhin 2024-11-15 10:16:54 +01:00 committed by GitHub
parent 8e91284e29
commit 60a06627c1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 7 additions and 14 deletions


@ -13,7 +13,7 @@ gem 'pg', '~> 1.5'
gem 'pg_search' # PostgreSQL full text search
gem 'psych', '< 4.0'
gem 'rails', '~> 7.0.8'
gem 'recaptcha', require: 'recaptcha/rails'
gem 'recaptcha'
gem 'sanitize'
gem 'sprockets-rails'
gem 'view_component'


@ -50,7 +50,7 @@ GIT
mime-types (>= 1.23)
GEM
remote: http://rubygems.org/
remote: https://rubygems.org/
specs:
actioncable (7.0.8.5)
actionpack (= 7.0.8.5)
@ -608,7 +608,7 @@ GEM
rb-inotify (0.10.1)
ffi (~> 1.0)
rdoc (6.3.4.1)
recaptcha (5.14.0)
recaptcha (5.17.0)
regexp_parser (2.8.1)
responders (3.1.1)
actionpack (>= 5.2)


@ -9,7 +9,7 @@ module FormTagHelper
res << label_tag(:recaptcha_label, I18n.t('users.registrations.new.captcha_description'))
end
res << recaptcha_tags
res << recaptcha_tags(nonce: content_security_policy_nonce)
if flash[:recaptcha_error]
res << "<span class='help-block'>"
res << flash[:recaptcha_error]
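Review bot: The nonce passed in `recaptcha_tags(nonce: content_security_policy_nonce)` is nil unless a `content_security_policy_nonce_generator` is configured and `script-src` is among the nonce directives; with the reCAPTCHA hosts dropped from `EXTERNAL_SCRIPT_SERVICES` in the same commit, the widget script would then be blocked with no fallback. The reCAPTCHA loader also fetches further scripts from gstatic, which a nonce covers only if the policy carries `'strict-dynamic'`; the CSP initializer is not visible on this page, so both points should be confirmed there. I would record the dependency next to the call: `# needs a CSP nonce generator and 'strict-dynamic' in script-src; reCAPTCHA hosts are no longer allowlisted`. The context line `res << flash[:recaptcha_error]` appends flash text into markup unescaped, which matters if `res` is later marked `html_safe`; the method continues outside the hunk, so that cannot be seen here.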


@ -643,16 +643,9 @@ class Extends
'FluicsLabelTemplate' => 'Fluics'
}
EXTERNAL_SCRIPT_SERVICES =
if Rails.application.config.x.no_external_csp_exceptions
[]
else
%w(
https://marvinjs.chemicalize.com/
www.recaptcha.net/
www.gstatic.com/recaptcha/
)
end
# If Rails.application.config.x.no_external_csp_exceptions is set, than this should be empty,
# but first try to use nonces before adding exceptions here
EXTERNAL_SCRIPT_SERVICES = []
EXTERNAL_CONNECT_SERVICES =
if Rails.application.config.x.no_external_csp_exceptions