Remove rack_mini_profiler from prod as it could show env var and force us to allow unsafe_eval and script in csp

simon lehericey 2020-10-30 17:07:06 +01:00
parent da371be9e2
commit d82d1132c2
3 changed files with 4 additions and 9 deletions


@ -60,7 +60,6 @@ gem 'premailer-rails'
gem 'puma' # Use Puma as the app server gem 'puma' # Use Puma as the app server
gem 'pundit' gem 'pundit'
gem 'rack-attack' gem 'rack-attack'
gem 'rack-mini-profiler'
gem 'rails' gem 'rails'
gem 'rails-i18n' # Locales par défaut gem 'rails-i18n' # Locales par défaut
gem 'rake-progressbar', require: false gem 'rake-progressbar', require: false
@ -104,6 +103,7 @@ group :development do
gem 'brakeman', require: false gem 'brakeman', require: false
gem 'haml-lint' gem 'haml-lint'
gem 'letter_opener_web' gem 'letter_opener_web'
gem 'rack-mini-profiler'
gem 'rails-erd', require: false # generates `doc/database_models.pdf` gem 'rails-erd', require: false # generates `doc/database_models.pdf`
gem 'rubocop', require: false gem 'rubocop', require: false
gem 'rubocop-rails_config' gem 'rubocop-rails_config'
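Review bot: The content security policy is not touched by any of the three changed files, although the commit title names the profiler's need for unsafe_eval and script allowances as a reason for taking it out of production. If that relaxation already exists in the CSP configuration, it presumably stays in effect after `gem 'rack-mini-profiler'` moves into `group :development`, so it should be tightened in this change or a follow-up. It would also help to record the reason on the gem line, for example `gem 'rack-mini-profiler' # development only: can expose env vars and needs a relaxed CSP`.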


@ -12,7 +12,6 @@ class ApplicationController < ActionController::Base
before_action :load_navbar_left_pannel_partial_url before_action :load_navbar_left_pannel_partial_url
before_action :set_raven_context before_action :set_raven_context
before_action :redirect_if_untrusted before_action :redirect_if_untrusted
before_action :authorize_request_for_profiler
before_action :reject, if: -> { feature_enabled?(:maintenance_mode) } before_action :reject, if: -> { feature_enabled?(:maintenance_mode) }
before_action :staging_authenticate before_action :staging_authenticate
@ -30,12 +29,6 @@ class ApplicationController < ActionController::Base
end end
end end
def authorize_request_for_profiler
if feature_enabled?(:mini_profiler)
Rack::MiniProfiler.authorize_request
end
end
def load_navbar_left_pannel_partial_url def load_navbar_left_pannel_partial_url
controller = request.controller_class controller = request.controller_class
method = params[:action] method = params[:action]


@ -1 +1,3 @@
Rack::MiniProfiler.config.authorization_mode = :whitelist if Rails.env.development?
Rack::MiniProfiler.config.authorization_mode = :whitelist
end
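Review bot: The profiler will probably never render in development after this change. The initializer keeps `authorization_mode = :whitelist` inside the new `if Rails.env.development?` guard, while the commit deletes `authorize_request_for_profiler`, the only caller of `Rack::MiniProfiler.authorize_request` visible on this page. In whitelist mode the profiler is shown only for requests that were explicitly authorized, so unless another caller exists elsewhere, either drop the override in development or keep an authorization hook there. Guarding with `if defined?(Rack::MiniProfiler)` instead of the environment name would also keep the restrictive mode applied wherever the gem ends up loaded, should its Bundler group change again.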