Commit graph

14912 commits

Author SHA1 Message Date
Pierre de La Morinerie
5b4f7f9ae9 app: restore the default cache settings
We initially did that to avoid a browser being restarted to display a
cached form with a stale CSRF token – thus provoking an
InvalidAuthenticityToken exception when the form is submitted.

But now that we use a long-lived CSRF token, we can submit forms with
a stale CSRF token successfully (because the long-lived CSRF cookie
is still valid) – so we no longer need to change the HTML cache behavior.

This fixes issues where the browser Back button wants to display a
previous POST document, but can't because of the 'no-store' setting. In
this case the browser either displays an error, or re-attempts the POST
request (without any cookies), which results in an 
InvalidAuthenticityToken exception.

See `docs/adr-csrf-forgery.md` for more explanations.
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
831672391e app: use a long-lived cookie for CSRF token
See the ADR document for rationale.
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
446c57ed63 specs: add a feature test for forgery protection 2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
a03d8d0705 controllers: remove useless handle_verified_request override
This is a leftover of 09933454ff
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
da3af3218b
Merge pull request #6348 from betagouv/main 2021-07-20 09:40:20 +02:00
Pierre de La Morinerie
eec82b3798
Merge pull request #6339 from betagouv/update-sentry-javascript
Update the Sentry SDK (#6339)
2021-07-20 09:31:12 +02:00
Pierre de La Morinerie
63cde95fc9 js: ignore errors generated by a Microsoft crawler
Sentry has a lot of JavaScript errors stating:

> UnhandledRejection: Non-Error promise rejection captured with value: Object Not Found Matching Id:2 

This is apparently caused by a Microsoft crawler (maybe for scanning
targets of email links), and can be safely ignored.

See https://forum.sentry.io/t/unhandledrejection-non-error-promise-rejection-captured-with-value/14062/12
2021-07-20 09:21:59 +02:00
Pierre de La Morinerie
0dfe4fc899 js: update to @sentry/browser v6.9.0
Helps with de-duplicating issues being triggered in a loop.

See https://github.com/getsentry/sentry-javascript/pull/3730
2021-07-20 09:21:59 +02:00
Pierre de La Morinerie
d4face20d2
Merge pull request #6337 from betagouv/dependabot/bundler/addressable-2.8.0
Update `addressable` from version 2.7.0 to 2.8.0 (#6337)
2021-07-20 09:21:20 +02:00
dependabot[bot]
73935c23e4
build(deps): bump addressable from 2.7.0 to 2.8.0
Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/sporkmonger/addressable/releases)
- [Changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sporkmonger/addressable/compare/addressable-2.7.0...addressable-2.8.0)

---
updated-dependencies:
- dependency-name: addressable
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-20 07:13:05 +00:00
Pierre de La Morinerie
695b9b194e
Merge pull request #6334 from betagouv/fix-invalid-checkbox-selection
Fix the display of checkboxes in multiple-choice lists when several options have similar values (#6334)
2021-07-20 09:09:38 +02:00
Pierre de La Morinerie
71741c5f98 views: fix checkbox wrongly selected in multiple_drop_down_list
The check for whether the checkbox should be checked or not was made by
matching the whole string. Thus, given two options 'valid' and
'invalid', the check for the presence of 'valid' would succeed even when
only 'invalid' was present in the values (because
`'valid'.includes?('invalid')`).

The code now checks against the list of items in the selected_options.
2021-07-20 09:01:07 +02:00
Kara Diaby
068389dde8
Merge pull request #6344 from betagouv/main
2021-07-15-01
2021-07-15 17:01:55 +02:00
Kara Diaby
a35d46ebf4
Merge branch 'production' into main 2021-07-15 16:50:25 +02:00
Kara Diaby
40268f5abf
Merge pull request #6343 from betagouv/fix-content-type-csv-import
Allow the Windows content type for CSV imports
2021-07-15 16:48:48 +02:00
kara Diaby
0b6c7dace7 tests 2021-07-15 16:32:07 +02:00
kara Diaby
c731f8cf1f add windows content type to avoid errors 2021-07-15 16:32:07 +02:00
Pierre de La Morinerie
c5bfab1007
Merge pull request #6342 from betagouv/main 2021-07-13 18:43:07 +02:00
Pierre de La Morinerie
ebf0b5ce8f
Merge pull request #6341 from betagouv/revert-6333-limit-filter-size
Revert "Instructors: limit the value of a filter to 100 characters" (#6341)
2021-07-13 18:33:33 +02:00
Pierre de La Morinerie
40b3ea8ad6
Revert "Instructors: limit the value of a filter to 100 characters" 2021-07-13 18:19:46 +02:00
Kara Diaby
832fbb8795
Merge pull request #6340 from betagouv/main
2021-07-13-01
2021-07-13 16:00:12 +02:00
Pierre de La Morinerie
674d8f9a9b
Merge pull request #6335 from betagouv/fix-import-csv
Administrator: fix the import of CSV files using encodings other than UTF-8 (#6335)
2021-07-13 12:17:56 +02:00
kara Diaby
d2d046a39d fix encoding problems with Charlock Holmes gem 2021-07-13 10:58:41 +02:00
Pierre de La Morinerie
e4a5f9845b
Merge pull request #6333 from betagouv/limit-filter-size
Instructors: limit the value of a filter to 100 characters (#6333)
2021-07-09 00:28:23 +02:00
Pierre de La Morinerie
3c8a88a660 instructeur: limit the maximum size of a filter value
This prevents the URL from exceeding the max size, and
causing '414: Request-URI too large' errors.
2021-07-08 16:17:22 +02:00
krichtof
5000a09451
Merge pull request #6331 from tchak/fix-cadastres-again
Trigger onStyleChange when layers are toggled
2021-07-07 16:53:44 +02:00
Paul Chavard
38fdaa7404 Trigger onStyleChange when layers are toggled 2021-07-07 16:23:55 +02:00
Paul Chavard
deccfe7873
Merge pull request #6330 from betagouv/main
2021-07-07-01
2021-07-07 15:54:36 +02:00
Paul Chavard
ad819d9141
Merge pull request #6328 from tchak/fix-cadastres
Fix cadastres layer
2021-07-07 15:46:31 +02:00
Paul Chavard
1e4c943392 Fix map controls checkbox labels 2021-07-07 15:38:21 +02:00
Paul Chavard
65adce1e24 Fix cadastres layer 2021-07-07 15:38:21 +02:00
krichtof
eebe04c35e
Merge pull request #6329 from betagouv/fix-stat-archives
a user can now see stats for closed procedure
2021-07-07 15:08:31 +02:00
Christophe Robillard
03e98229c9 a user can now see stats for closed procedure 2021-07-07 15:00:38 +02:00
Paul Chavard
00fd2783c7
Merge pull request #6322 from tchak/add-point-by-coordinates
Add a point on the map by entering coordinates
2021-07-07 14:53:32 +02:00
Paul Chavard
527db7631e Add a point on map from coordinates input 2021-07-07 13:33:28 +02:00
Paul Chavard
ab31087f23 Hide cadastres if there is none 2021-07-07 12:28:27 +02:00
Pierre de La Morinerie
380d2c5efa
Merge pull request #6325 from betagouv/improve-csrf-logging-again
ActionController::InvalidAuthenticityToken errors: when there are no cookies, the default error page is displayed (#6325)
2021-07-07 09:38:03 +02:00
krichtof
8405d6e4bf
Merge pull request #6326 from betagouv/main
2021-07-06-02
2021-07-06 17:35:33 +02:00
Pierre de La Morinerie
37c62ac0a3 app: display standard error page when no cookies are present
This occurs mostly when Safari attempts to perform a POST request
again (without sending any of the cookies).

In that case, our custom `422.html` page is more helpful to the user
(because it has a link to the previous page) than a "No cookies" blank
text.
2021-07-06 16:29:22 +02:00
krichtof
b4b58aa20f
Merge pull request #6324 from betagouv/fix-archive-estimation
integrate a minimum weight for the average dossier weight
2021-07-06 16:14:34 +02:00
Christophe Robillard
bc07a875eb integrate a minimum weight for the average dossier weight
Before this commit, the average dossier weight only took into account pieces
justificatives. With this commit, we add a minimum weight for other
files included in an archive like pdf_export, log operations,
attachments added to traitements. This minimum weight is set arbitrarily,
from the observation of some random procedures in production
2021-07-06 15:58:45 +02:00
Pierre de La Morinerie
cedef676b0
Merge pull request #6323 from tchak/fix-autocomplete-errors
Fix a JavaScript error when autocompleting drop-down menus (#6323)
2021-07-06 15:48:43 +02:00
Paul Chavard
0ce708028d Prevent crashes in combo boxes 2021-07-06 15:06:38 +02:00
Pierre de La Morinerie
802c4cd556
Merge pull request #6321 from betagouv/improve-csrf-logging
Improve logging of ActionController::InvalidAuthenticityToken errors (#6321)
2021-07-06 15:02:36 +02:00
Pierre de La Morinerie
09933454ff app: improve InvalidAuthenticityToken logging
- Log on all controllers
- Improve description of the controller action involved
- Ignore Safari bogus requests
2021-07-06 12:42:01 +02:00
Paul Chavard
12ecafb67a
Merge pull request #6320 from betagouv/main
2021-07-06-01
2021-07-06 11:32:45 +02:00
Paul Chavard
50ebd6d17a
Merge pull request #6316 from tchak/carto-layers
Make IGN layers opacity configurable
2021-07-06 11:17:46 +02:00
Paul Chavard
87fb98f5ed Make IGN layers opacity configurable 2021-07-06 10:36:12 +02:00
Pierre de La Morinerie
d23740689f
Merge pull request #6315 from betagouv/show-avis-tab-on-all-profiles
Experts: the "Avis" tab is now visible regardless of profile (#6315)
2021-07-06 09:02:14 +02:00
Pierre de La Morinerie
97c8f76635 views: show the 'Avis' tab if needed on all profiles 2021-07-06 08:54:40 +02:00