mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2024-12-25 17:24:51 +08:00
Update Recaptcha config, stricken CSP config for external services [SCI-11281] (#8043)
This commit is contained in:
parent
8e91284e29
commit
60a06627c1
4 changed files with 7 additions and 14 deletions
2
Gemfile
2
Gemfile
|
@ -13,7 +13,7 @@ gem 'pg', '~> 1.5'
|
|||
gem 'pg_search' # PostgreSQL full text search
|
||||
gem 'psych', '< 4.0'
|
||||
gem 'rails', '~> 7.0.8'
|
||||
gem 'recaptcha', require: 'recaptcha/rails'
|
||||
gem 'recaptcha'
|
||||
gem 'sanitize'
|
||||
gem 'sprockets-rails'
|
||||
gem 'view_component'
|
||||
|
|
|
@ -50,7 +50,7 @@ GIT
|
|||
mime-types (>= 1.23)
|
||||
|
||||
GEM
|
||||
remote: http://rubygems.org/
|
||||
remote: https://rubygems.org/
|
||||
specs:
|
||||
actioncable (7.0.8.5)
|
||||
actionpack (= 7.0.8.5)
|
||||
|
@ -608,7 +608,7 @@ GEM
|
|||
rb-inotify (0.10.1)
|
||||
ffi (~> 1.0)
|
||||
rdoc (6.3.4.1)
|
||||
recaptcha (5.14.0)
|
||||
recaptcha (5.17.0)
|
||||
regexp_parser (2.8.1)
|
||||
responders (3.1.1)
|
||||
actionpack (>= 5.2)
|
||||
|
|
|
@ -9,7 +9,7 @@ module FormTagHelper
|
|||
res << label_tag(:recaptcha_label, I18n.t('users.registrations.new.captcha_description'))
|
||||
end
|
||||
|
||||
res << recaptcha_tags
|
||||
res << recaptcha_tags(nonce: content_security_policy_nonce)
|
||||
if flash[:recaptcha_error]
|
||||
res << "<span class='help-block'>"
|
||||
res << flash[:recaptcha_error]
|
||||
|
|
|
@ -643,16 +643,9 @@ class Extends
|
|||
'FluicsLabelTemplate' => 'Fluics'
|
||||
}
|
||||
|
||||
EXTERNAL_SCRIPT_SERVICES =
|
||||
if Rails.application.config.x.no_external_csp_exceptions
|
||||
[]
|
||||
else
|
||||
%w(
|
||||
https://marvinjs.chemicalize.com/
|
||||
www.recaptcha.net/
|
||||
www.gstatic.com/recaptcha/
|
||||
)
|
||||
end
|
||||
# If Rails.application.config.x.no_external_csp_exceptions is set, than this should be empty,
|
||||
# but first try to use nonces before adding exceptions here
|
||||
EXTERNAL_SCRIPT_SERVICES = []
|
||||
|
||||
EXTERNAL_CONNECT_SERVICES =
|
||||
if Rails.application.config.x.no_external_csp_exceptions
|
||||
|
|
Loading…
Reference in a new issue