Remove rack_mini_profiler from prod, as it could show env vars and forces us to allow unsafe_eval and script in the CSP

simon lehericey 2020-10-30 17:07:06 +01:00
parent da371be9e2
commit d82d1132c2
3 changed files with 4 additions and 9 deletions


@ -60,7 +60,6 @@ gem 'premailer-rails'
gem 'puma' # Use Puma as the app server
gem 'pundit'
gem 'rack-attack'
gem 'rack-mini-profiler'
gem 'rails'
gem 'rails-i18n' # Locales par défaut
gem 'rake-progressbar', require: false
@ -104,6 +103,7 @@ group :development do
gem 'brakeman', require: false
gem 'haml-lint'
gem 'letter_opener_web'
gem 'rack-mini-profiler'
gem 'rails-erd', require: false # generates `doc/database_models.pdf`
gem 'rubocop', require: false
gem 'rubocop-rails_config'
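Review bot: The CSP relaxations named in the commit message are not tightened anywhere in this commit: the gem moves into `group :development`, but none of the three changed files appears to touch the Content-Security-Policy, so the `unsafe_eval` and script allowances presumably still apply in production. Removing them in the same change (or a linked follow-up) is what actually delivers the security benefit. It would also help to record the reason next to the entry, in the style of the other annotated gems, e.g. `gem 'rack-mini-profiler' # development only: can expose env vars and needs unsafe-eval in the CSP`.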


@ -12,7 +12,6 @@ class ApplicationController < ActionController::Base
before_action :load_navbar_left_pannel_partial_url
before_action :set_raven_context
before_action :redirect_if_untrusted
before_action :authorize_request_for_profiler
before_action :reject, if: -> { feature_enabled?(:maintenance_mode) }
before_action :staging_authenticate
@ -30,12 +29,6 @@ class ApplicationController < ActionController::Base
end
end
def authorize_request_for_profiler
if feature_enabled?(:mini_profiler)
Rack::MiniProfiler.authorize_request
end
end
def load_navbar_left_pannel_partial_url
controller = request.controller_class
method = params[:action]


@ -1 +1,3 @@
if Rails.env.development?
Rack::MiniProfiler.config.authorization_mode = :whitelist
end
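Review bot: With `authorization_mode = :whitelist` kept for development, the profiler only renders on requests where `Rack::MiniProfiler.authorize_request` has been called, and this commit removes the only such call visible on the page (`authorize_request_for_profiler` in ApplicationController). Unless another caller exists outside the diff, the gem would load in development but never display. Either drop the whitelist line so development falls back to the gem's default, or keep a development-only `before_action` that calls `Rack::MiniProfiler.authorize_request`; a comment on the guard such as `# development only: the gem is not bundled in other environments` would also explain why the check is on the environment rather than on a feature flag.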