Christophe Robillard
9347951cea
act as an saml identity provider
2020-11-16 12:19:54 +01:00
Christophe Robillard
305ccdc0cd
add recoverable and two_factor stragegy for administration
2020-11-05 16:03:55 +01:00
Christophe Robillard
6c2eb22960
remove github authentication for manager
2020-11-05 16:03:55 +01:00
simon lehericey
d82d1132c2
Remove rack_mini_profiler from prod as it could show env var and force us to allow unsafe_eval and script in csp
2020-10-30 17:08:31 +01:00
kara Diaby
3d56b1d8b0
fix bootstrap cdn
2020-10-22 15:00:01 +02:00
clemkeirua
d7fff61d5d
ajout de la gem sendinblue
2020-10-13 17:36:43 +02:00
clemkeirua
111f309c7f
changement de l'adresse de création de compte administrateur
2020-09-21 17:02:37 +02:00
clemkeirua
f9c4e967d6
remove :autosave_dossier_draft
2020-09-21 08:46:01 +00:00
clemkeirua
6643b598c3
remove :administrateur_graphql
2020-09-17 09:24:50 +02:00
clemkeirua
1be07c1ef5
remove :administrateur_champ_integer_number
2020-09-17 09:24:50 +02:00
clemkeirua
01ac4d7e19
remove operation_log_serialize_subject
2020-09-17 09:24:50 +02:00
simon lehericey
5459c2fa7f
Fix uninitialized excon constant
2020-09-08 18:36:24 +02:00
simon lehericey
19d73f13f0
variabilize banner message
2020-09-08 14:52:42 +02:00
simon lehericey
bd6705b90a
Remove image and video analyzer which are not used
2020-09-02 17:00:26 +02:00
Judith
af25fdd77c
gem http_accept_language installed and (de)activable with feature flag
2020-08-27 16:15:01 +02:00
Pierre de La Morinerie
82c89fb56f
config: remove comment about ActiveStorage integration with VirusScanner
...
As the comment states, it would be nice to load the Virus Scanner on
the Attachment (rather than the blob).
However, in order not to clobber the blob metadata, we want to run the
VirusScanner once the blob analyzer did run.
And the most direct way to detect that the blob analyzer did run is to
add an `on_update_commit` hook on the blob, as this hook will be
trigerred when saving changes to the metadata. This is what the current
solution uses.
So the current solution is almost optimal, and has a low chance of
accidentally clobbering the blob metadata – as the virus scanner is only
started when the analysis phase is finished.
2020-08-26 16:11:01 +02:00
Pierre de La Morinerie
527a330c7a
config: use Rails 6.0 config defaults
...
We already flipped the new defaults, so this is a no-op.
2020-08-05 17:22:46 +02:00
Pierre de La Morinerie
fbbcd97463
config: flip config.active_record.collection_cache_versioning
...
This is related to internal cache implementation, and doesn't affect us.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
4a9f081cfc
config: flip config.action_mailer.delivery_job
...
This is safe in all cases – except that it prevents a downgrade to
Rails 5. We don't intend to downgrade now, so this is fine.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
b556e2a99a
config: flip config.active_storage.replace_on_assign_to_many
...
We don't have any `has_many_attached` relations in the code base, so
this is safe.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
54a4db1c47
config: flip config.active_storage.queues
...
ActiveStorage jobs are now moved to their own queue.
For consistency, we also move our own analysis jobs (VirusScannerJob)
on the same `:active_storage_analysis` queue.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
c6cdd08373
config: flip config.active_job.return_false_on_aborted_enqueue
...
We don't have any instance of aborting inside a job in the code base,
so this setting is safe to flip.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
65809f8ea0
config: flip action_dispatch_return_only_media_type_on_content_type
...
This makes `ActionDispatch::Controller#content_type` return not only
the MIME type, but also in some circumstances the charset.
Example:
```ruby
reponse.content_type == 'text/html; charset=utf-8'
```
The MIME type-only fragment can now be accessed using `#media_type`.
Changes to the tests are not stricly necessary (because no charset is
present in the actual value), but represent the intent better.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
8427f0eb75
config: flip config.action_dispatch.use_cookies_with_metadata
...
This makes cookies more secure, by adding an automatic "purpose" field
to each cookie.
Cookies generated by Rails 5 are still forward-compatible. However
from now on the generated cookies will not be backward-compatible with
Rails 6.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
e8fa65f79d
config: flip config.action_view.default_enforce_utf8
...
This prevents charset workaround on IE 8 and lower. We don't support
these browsers anyway, so we can flip the feature off.
2020-08-05 16:48:36 +02:00
Paul Chavard
4c87e547b3
Put IGN map behind a feature flag
2020-07-30 17:22:28 +02:00
Paul Chavard
f1cbc9846e
Add carte ign
2020-07-30 16:58:20 +02:00
clemkeirua
db0d230531
add cdn.jsdeliver.net to the CSP
2020-07-27 16:54:46 +02:00
Fabrice Gangler
1352cde321
Feat: allow emails senders to be configured in .env file
...
Refs: #5408
2020-07-24 10:50:55 +02:00
clemkeirua
7e085c657d
specific deactivation of rubocop DS/ApplicationName rule
2020-07-23 16:20:16 +02:00
clemkeirua
c658428441
added application name in config/
2020-07-23 16:17:54 +02:00
clemkeirua
31a262efef
extraction d'urls doc/faq/… dans url.rb
2020-07-23 16:16:36 +02:00
Paul Chavard
8b9e73a30a
Merge pull request #5382 from adullact/feat_status-page-customisation
...
#5379 - Allow status page URL to be configured in the .env file
2020-07-22 22:10:58 +02:00
Paul Chavard
35461f0159
Add revisions migrations
2020-07-21 19:35:30 +02:00
clemkeirua
c0cf8b1341
fix display of labels for datetime on screenreaders
2020-07-20 11:37:01 +02:00
Gangler Fabrice
39feca251d
allow status page URL to be configured in .env
2020-07-17 15:53:49 +02:00
Paul Chavard
6a24c3f812
Rails app:update
2020-07-07 18:03:56 +02:00
clemkeirua
6a3811a4e2
fix catalog v3
2020-06-19 14:20:32 +02:00
krichtof
ff6eaf73db
Revert "Suppression de l'utilisation de Keystone v2"
2020-06-04 17:32:25 +02:00
Paul Chavard
901b6e23a8
Remove legacy carto
2020-06-04 16:03:23 +02:00
clemkeirua
def744d627
remove now useless keystone v2
2020-06-04 12:05:27 +00:00
clemkeirua
868decd06e
add overide for fog openstack v3
2020-06-02 15:03:37 +02:00
Pierre de La Morinerie
c9820adbc4
urls: fix link to autosave FAQ article
2020-05-18 16:53:19 +02:00
Pierre de La Morinerie
6eca93faab
urls: fix link to admin FAQ category
2020-05-18 16:53:19 +02:00
Pierre de La Morinerie
93bb5283ff
app: remove the feature flag for pieces justificatives auto-upload
...
The feature works as intended: we can remove the feature flag.
2020-05-14 17:39:07 +02:00
Keirua
a869a04e1e
Mise à jour de l'URL de doc sur l'archivage
...
Co-authored-by: Pierre de La Morinerie <pierre.de_la_morinerie@beta.gouv.fr>
2020-05-13 16:45:27 +02:00
clemkeirua
84888be255
clarification de l'archivage/suppression
2020-05-13 16:45:27 +02:00
kara Diaby
2fc438ab65
Fix safari and firefox compatibility mapbox gl
2020-04-30 14:14:03 +02:00
kara Diaby
9aea1fffee
Migrate the map editor to mapbox-gl with react component
2020-04-27 11:30:32 +02:00
Pierre de La Morinerie
37645d3df2
config: fix (again) the CSP when running a LiveReload server locally
...
When running the app using `bin/webpack-dev-server` (the external
(and fast) assets server), LiveReload is used. We need to explicitely
allow the LiveReload connections in the CSP policy.
Turns out we now need to specify the protocol explicitely.
2020-04-20 17:24:16 +02:00