From d82d1132c269b317f8145a38739be7cb285c1114 Mon Sep 17 00:00:00 2001
From: simon lehericey
Date: Fri, 30 Oct 2020 17:07:06 +0100
Subject: [PATCH] Remove rack_mini_profiler from prod as it could show env var and force us to allow unsafe_eval and script in csp

---
 Gemfile | 2 +-
 app/controllers/application_controller.rb | 7 -------
 config/initializers/rack_mini_profiler.rb | 4 +++-
 3 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/Gemfile b/Gemfile
index c5a760d5e..7e40ba5ab 100644
--- a/Gemfile
+++ b/Gemfile
@@ -60,7 +60,6 @@ gem 'premailer-rails'
 gem 'puma' # Use Puma as the app server
 gem 'pundit'
 gem 'rack-attack'
-gem 'rack-mini-profiler'
 gem 'rails'
 gem 'rails-i18n' # Locales par défaut
 gem 'rake-progressbar', require: false
@@ -104,6 +103,7 @@ group :development do
   gem 'brakeman', require: false
   gem 'haml-lint'
   gem 'letter_opener_web'
+  gem 'rack-mini-profiler'
   gem 'rails-erd', require: false # generates `doc/database_models.pdf`
   gem 'rubocop', require: false
   gem 'rubocop-rails_config'
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7ed38f687..4c795d27c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -12,7 +12,6 @@ class ApplicationController < ActionController::Base
   before_action :load_navbar_left_pannel_partial_url
   before_action :set_raven_context
   before_action :redirect_if_untrusted
-  before_action :authorize_request_for_profiler
   before_action :reject, if: -> { feature_enabled?(:maintenance_mode) }
   before_action :staging_authenticate
 
@@ -30,12 +29,6 @@ class ApplicationController < ActionController::Base
     end
   end
 
-  def authorize_request_for_profiler
-    if feature_enabled?(:mini_profiler)
-      Rack::MiniProfiler.authorize_request
-    end
-  end
-
   def load_navbar_left_pannel_partial_url
     controller = request.controller_class
     method = params[:action]
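Review bot: Moving `gem 'rack-mini-profiler'` into the `:development` group leaves `Rack::MiniProfiler` undefined in the test and production bundles, so any reference to it outside an environment or `defined?` guard would now raise NameError at boot; the `:mini_profiler` feature flag that the removed `authorize_request_for_profiler` checked presumably still exists wherever flags are declared and is now dead, so it is worth retiring in the same change. A one-line comment on the moved gem line, `gem 'rack-mini-profiler' # development only: can expose env vars and needs unsafe_eval in the CSP`, would keep the reason from the commit message next to the dependency.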
diff --git a/config/initializers/rack_mini_profiler.rb b/config/initializers/rack_mini_profiler.rb
index 5065ab5cd..fc9414e45 100644
--- a/config/initializers/rack_mini_profiler.rb
+++ b/config/initializers/rack_mini_profiler.rb
@@ -1 +1,3 @@
-Rack::MiniProfiler.config.authorization_mode = :whitelist
+if Rails.env.development?
+  Rack::MiniProfiler.config.authorization_mode = :whitelist
+end
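Review bot: Keeping `authorization_mode = :whitelist` while the commit deletes `authorize_request_for_profiler`, the only visible caller of `Rack::MiniProfiler.authorize_request`, likely leaves the profiler never authorized in development, because whitelist mode only shows results for requests that were explicitly authorized; confirm that something outside this patch still authorizes development requests, otherwise the development-only gem now does nothing. The guard `if Rails.env.development?` also ties the initializer to the environment name rather than to whether the gem is actually loaded, so a later Gemfile group change would silently leave the library's default mode in place; `if defined?(Rack::MiniProfiler)` keeps the restrictive mode wherever the constant exists while still avoiding a NameError in environments where the gem is not bundled. A short comment above the block, `# rack-mini-profiler is bundled only in the development group (see Gemfile); it must never run in production, as it can expose environment variables and requires relaxing the CSP`, would record the reasoning from the commit message next to the code.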