Remove rack_mini_profiler from prod as it could show env var and force us to allow unsafe_eval and script in csp
This commit is contained in:
parent
da371be9e2
commit
d82d1132c2
3 changed files with 4 additions and 9 deletions
2
Gemfile
2
Gemfile
|
@ -60,7 +60,6 @@ gem 'premailer-rails'
|
|||
gem 'puma' # Use Puma as the app server
|
||||
gem 'pundit'
|
||||
gem 'rack-attack'
|
||||
gem 'rack-mini-profiler'
|
||||
gem 'rails'
|
||||
gem 'rails-i18n' # Locales par défaut
|
||||
gem 'rake-progressbar', require: false
|
||||
|
@ -104,6 +103,7 @@ group :development do
|
|||
gem 'brakeman', require: false
|
||||
gem 'haml-lint'
|
||||
gem 'letter_opener_web'
|
||||
gem 'rack-mini-profiler'
|
||||
gem 'rails-erd', require: false # generates `doc/database_models.pdf`
|
||||
gem 'rubocop', require: false
|
||||
gem 'rubocop-rails_config'
|
||||
|
|
|
@ -12,7 +12,6 @@ class ApplicationController < ActionController::Base
|
|||
before_action :load_navbar_left_pannel_partial_url
|
||||
before_action :set_raven_context
|
||||
before_action :redirect_if_untrusted
|
||||
before_action :authorize_request_for_profiler
|
||||
before_action :reject, if: -> { feature_enabled?(:maintenance_mode) }
|
||||
|
||||
before_action :staging_authenticate
|
||||
|
@ -30,12 +29,6 @@ class ApplicationController < ActionController::Base
|
|||
end
|
||||
end
|
||||
|
||||
def authorize_request_for_profiler
|
||||
if feature_enabled?(:mini_profiler)
|
||||
Rack::MiniProfiler.authorize_request
|
||||
end
|
||||
end
|
||||
|
||||
def load_navbar_left_pannel_partial_url
|
||||
controller = request.controller_class
|
||||
method = params[:action]
|
||||
|
|
|
@ -1 +1,3 @@
|
|||
if Rails.env.development?
|
||||
Rack::MiniProfiler.config.authorization_mode = :whitelist
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue