Pierre de La Morinerie
32ab2f0a80
instructeur: limit the maximum size of a filter value
...
This prevents the URL from exceeding the max size, and
causing '414: Request-URI too large' errors.
2021-07-20 14:49:48 +02:00
lydiasan
4efd160cad
Merge pull request #6112 from betagouv/edition-dossiers
...
i18n: traduction dossiers/edition
2021-07-20 14:29:33 +02:00
lydiasan
7de10731a6
i18n: localize dossiers edition
2021-07-20 14:18:20 +02:00
Paul Chavard
b7c0a42fd5
Merge pull request #6349 from tchak/fix-communes-autocomplete
...
Get more results from communes API and use local matcher
2021-07-20 13:44:41 +02:00
Paul Chavard
c7b0b8495b
Get more results from communes API and use local matcher
2021-07-20 13:34:17 +02:00
Pierre de La Morinerie
a08815d95f
Merge pull request #6332 from betagouv/fix-csrf-with-long-lived-cookie
...
Correctif pour diminuer le nombre d'erreurs InvalidAuthenticityToken ("La requête a été rejetée") (#6332 )
2021-07-20 13:11:41 +02:00
Pierre de La Morinerie
5b4f7f9ae9
app: restore the default cache settings
...
We initially did that to avoid a browser being restarted to display a
cached form with a stale CSRF token – thus provoking an
InvalidAuthenticityToken exception when the form is submitted.
But now that we use a long-lived CSRF token, we can submit forms with
a stale CSRF token successfully (because the long-lived CSRF cookie)
is still valid – so we no longer need to change the HTML cache behavior.
This fixes issues where the browser Back button wants to display a
previous POST document, but can't because of the 'no-store' setting. In
this case the browser either displays an error, or re-attempts the POST
request (without any cookies), which results in an
InvalidAuthenticityToken exception.
See `docs/adr-csrf-forgery.md` for more explanations.
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
831672391e
app: use a long-lived cookie for CSRF token
...
See the ADR document for rationale.
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
446c57ed63
specs: add a feature test for forgery protection
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
a03d8d0705
controllers: remove useless handle_verified_request
override
...
This is a leftover of 09933454ff
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
eec82b3798
Merge pull request #6339 from betagouv/update-sentry-javascript
...
Mise à jour du SDK de Sentry (#6339 )
2021-07-20 09:31:12 +02:00
Pierre de La Morinerie
63cde95fc9
js: ignore errors generated by a Microsoft crawler
...
Sentry has a lot of Javacript errors stating:
> UnhandledRejection: Non-Error promise rejection captured with value: Object Not Found Matching Id:2
This is apparently caused by a Microsoft crawler (maybe for scanning
targets of email links), and can be safely ignored.
See https://forum.sentry.io/t/unhandledrejection-non-error-promise-rejection-captured-with-value/14062/12
2021-07-20 09:21:59 +02:00
Pierre de La Morinerie
0dfe4fc899
js: update to @sentry/browser v6.9.0
...
Helps with de-duplicating issues being trigerred in a loop.
See https://github.com/getsentry/sentry-javascript/pull/3730
2021-07-20 09:21:59 +02:00
Pierre de La Morinerie
d4face20d2
Merge pull request #6337 from betagouv/dependabot/bundler/addressable-2.8.0
...
Mise à jour de `addressable` de la version 2.7.0 à 2.8.0 (#6337 )
2021-07-20 09:21:20 +02:00
dependabot[bot]
73935c23e4
build(deps): bump addressable from 2.7.0 to 2.8.0
...
Bumps [addressable](https://github.com/sporkmonger/addressable ) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/sporkmonger/addressable/releases )
- [Changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sporkmonger/addressable/compare/addressable-2.7.0...addressable-2.8.0 )
---
updated-dependencies:
- dependency-name: addressable
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-07-20 07:13:05 +00:00
Pierre de La Morinerie
695b9b194e
Merge pull request #6334 from betagouv/fix-invalid-checkbox-selection
...
Correction de l'affichage des cases à cocher dans les listes multiples lorsque plusieurs options ont des valeurs similaires (#6334 )
2021-07-20 09:09:38 +02:00
Pierre de La Morinerie
71741c5f98
views: fix checkbox wrongly selected in multiple_drop_down_list
...
The check for whether the checkbox should be checked or not was made by
matching the whole string. Thus, given two options 'valid' and
'invalid', the check for the presence of 'valid' would succeed even when
only 'invalid' was present in the values (because
`'valid'.includes?('invalid')`.
The code now checks against the list of items in the selected_options.
2021-07-20 09:01:07 +02:00
Kara Diaby
a35d46ebf4
Merge branch 'production' into main
2021-07-15 16:50:25 +02:00
Kara Diaby
40268f5abf
Merge pull request #6343 from betagouv/fix-content-type-csv-import
...
Autorise le content type windows concernant les imports CSV
2021-07-15 16:48:48 +02:00
kara Diaby
0b6c7dace7
tests
2021-07-15 16:32:07 +02:00
kara Diaby
c731f8cf1f
add windows content type to avoid errors
2021-07-15 16:32:07 +02:00
Pierre de La Morinerie
c5bfab1007
Merge pull request #6342 from betagouv/main
2021-07-13 18:43:07 +02:00
Pierre de La Morinerie
ebf0b5ce8f
Merge pull request #6341 from betagouv/revert-6333-limit-filter-size
...
Revert "Instructeurs : limitation de la valeur d'un filtre à 100 caractères" (#6341 )
2021-07-13 18:33:33 +02:00
Pierre de La Morinerie
40b3ea8ad6
Revert "Instructeurs : limitation de la valeur d'un filtre à 100 caractères"
2021-07-13 18:19:46 +02:00
Kara Diaby
832fbb8795
Merge pull request #6340 from betagouv/main
...
2021-07-13-01
2021-07-13 16:00:12 +02:00
Pierre de La Morinerie
674d8f9a9b
Merge pull request #6335 from betagouv/fix-import-csv
...
Administrateur : corrige l'import de fichiers CSV utilisant d'autres encodages que l'UTF-8 (#6335 )
2021-07-13 12:17:56 +02:00
kara Diaby
d2d046a39d
fix encoding problems with cherlock Holmes gem
2021-07-13 10:58:41 +02:00
Pierre de La Morinerie
e4a5f9845b
Merge pull request #6333 from betagouv/limit-filter-size
...
Instructeurs : limitation de la valeur d'un filtre à 100 caractères (#6333 )
2021-07-09 00:28:23 +02:00
Pierre de La Morinerie
3c8a88a660
instructeur: limit the maximum size of a filter value
...
This prevents the URL from exceeding the max size, and
causing '414: Request-URI too large' errors.
2021-07-08 16:17:22 +02:00
krichtof
5000a09451
Merge pull request #6331 from tchak/fix-cadastres-again
...
Trigger onStyleChange when leyers are toggled
2021-07-07 16:53:44 +02:00
Paul Chavard
38fdaa7404
Trigger onStyleChange when leyers are toggled
2021-07-07 16:23:55 +02:00
Paul Chavard
deccfe7873
Merge pull request #6330 from betagouv/main
...
2021-07-07-01
2021-07-07 15:54:36 +02:00
Paul Chavard
ad819d9141
Merge pull request #6328 from tchak/fix-cadastres
...
Fix cadastres layer
2021-07-07 15:46:31 +02:00
Paul Chavard
1e4c943392
Fix map controls checkbox labels
2021-07-07 15:38:21 +02:00
Paul Chavard
65adce1e24
Fix cadastres layer
2021-07-07 15:38:21 +02:00
krichtof
eebe04c35e
Merge pull request #6329 from betagouv/fix-stat-archives
...
a user can now see stats for closed procedure
2021-07-07 15:08:31 +02:00
Christophe Robillard
03e98229c9
a user can now see stats for closed procedure
2021-07-07 15:00:38 +02:00
Paul Chavard
00fd2783c7
Merge pull request #6322 from tchak/add-point-by-coordinates
...
Ajouter un point sur la carte en saisissant les coordonnées
2021-07-07 14:53:32 +02:00
Paul Chavard
527db7631e
Add a point on map from coordinates input
2021-07-07 13:33:28 +02:00
Paul Chavard
ab31087f23
Hide cadastres if there is none
2021-07-07 12:28:27 +02:00
Pierre de La Morinerie
380d2c5efa
Merge pull request #6325 from betagouv/improve-csrf-logging-again
...
Erreurs ActionController::InvalidAuthenticityToken : lorsqu'il n'y a pas de cookies, la page d'erreur par défaut est affichée (#6325 )
2021-07-07 09:38:03 +02:00
krichtof
8405d6e4bf
Merge pull request #6326 from betagouv/main
...
2021-07-06-02
2021-07-06 17:35:33 +02:00
Pierre de La Morinerie
37c62ac0a3
app: display standard error page when no cookies are present
...
This occurs mostly when Safari attempts to perform a POST request
again (without sending any of the cookies).
In that case, our custom `422.html` page is more helpful to the user
(because it has a link to the previous page) than a "No cookies" blank
text.
2021-07-06 16:29:22 +02:00
krichtof
b4b58aa20f
Merge pull request #6324 from betagouv/fix-archive-estimation
...
integrate a mininum weight for the average dossier weight
2021-07-06 16:14:34 +02:00
Christophe Robillard
bc07a875eb
integrate a mininum weight for the average dossier weight
...
before this commit, the average dossier weight took account only pieces
justificatives. With this commit, we add a minimum weight for other
files included in an archive like pdf_export, log operations,
attachments added to traitements. This minimum weight is set arbitrary,
from the observation of some random procedures in production
2021-07-06 15:58:45 +02:00
Pierre de La Morinerie
cedef676b0
Merge pull request #6323 from tchak/fix-autocomplete-errors
...
Correction d'une erreur Javascript lors de l'auto-remplissage des menus déroulants (#6323 )
2021-07-06 15:48:43 +02:00
Paul Chavard
0ce708028d
Prevent crashes in combo boxes
2021-07-06 15:06:38 +02:00
Pierre de La Morinerie
802c4cd556
Merge pull request #6321 from betagouv/improve-csrf-logging
...
Amélioration du log des erreurs ActionController::InvalidAuthenticityToken (#6321 )
2021-07-06 15:02:36 +02:00
Pierre de La Morinerie
09933454ff
app: improve InvalidAuthenticityToken logging
...
- Log on all controllers
- Improve description of the controller action involved
- Ignore Safari bogus requests
2021-07-06 12:42:01 +02:00
Paul Chavard
12ecafb67a
Merge pull request #6320 from betagouv/main
...
2021-07-06-01
2021-07-06 11:32:45 +02:00