Merge pull request #6967 from betagouv/main

2022-02-15-04
This commit is contained in:
Pierre de La Morinerie 2022-02-15 16:12:53 +01:00 committed by GitHub
commit 26363d1f3d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 1 deletions

View file

@ -492,7 +492,7 @@ GEM
byebug (~> 11.0)
pry (~> 0.13.0)
public_suffix (4.0.6)
puma (5.5.1)
puma (5.6.2)
nio4r (~> 2.0)
pundit (2.1.0)
activesupport (>= 3.0.0)

View file

@ -28,8 +28,13 @@ Rails.application.config.content_security_policy do |policy|
connect_whitelist << URI(API_ADRESSE_URL).host if API_ADRESSE_URL.present?
connect_whitelist << URI(API_EDUCATION_URL).host if API_EDUCATION_URL.present?
connect_whitelist << URI(API_GEO_URL).host if API_GEO_URL.present?
connect_whitelist << Rails.application.secrets.matomo[:host] if Rails.application.secrets.matomo[:enabled]
policy.connect_src(:self, *connect_whitelist)
frame_whitelist = []
frame_whitelist << URI(MATOMO_IFRAME_URL).host if Rails.application.secrets.matomo[:enabled]
policy.frame_src(:self, *frame_whitelist)
# Pour tout le reste, par défaut on accepte uniquement ce qui vient de chez nous
# et dans la notification on inclue la source de l'erreur
default_whitelist = ["fonts.gstatic.com", "in-automate.sendinblue.com", "player.vimeo.com", "app.franceconnect.gouv.fr", "sentry.io", "*.crisp.chat", "crisp.chat", "*.crisp.help", "*.sibautomation.com", "sibautomation.com", "data"]

View file

@ -23,6 +23,7 @@ describe 'The user' do
choose('Madame')
fill_in('email', with: 'loulou@yopmail.com')
fill_in('phone', with: '0123456789')
scroll_to(find_field('Non'), align: :center)
choose('Non')
choose('val2')
check('val1')