This repository has been archived by the owner on May 2, 2024. It is now read-only.

Merge branch 'main' into dependabot/bundler/bundler-security-group-20…
…d7ef3aca
reesericci authored Mar 18, 2024
2 parents 0a6dbca + 8962e0b commit ca9693a
Showing 5 changed files with 46 additions and 5 deletions.
4 changes: 2 additions & 2 deletions Gemfile
Expand Up @@ -94,9 +94,9 @@ gem "postmark-rails"

gem "pg"

gem 'stackprof'
gem "stackprof"

gem 'sentry-ruby'
gem "sentry-ruby"

gem "sentry", "~> 0.5.3"

2 changes: 1 addition & 1 deletion Gemfile.lock
Expand Up @@ -198,7 +198,7 @@ GEM
rails (>= 7.0.0)
matrix (0.4.2)
mini_mime (1.1.5)
minitest (5.21.2)
minitest (5.22.3)
mission_control-jobs (0.1.1)
importmap-rails
rails (~> 7.1)
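--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -8,6 +8,33 @@
 <%= stylesheet_link_tag "application", "inter-font", "data-turbo-track": "reload" %>
 <%= javascript_importmap_tags %>
 <%= javascript_include_tag "application", "data-turbo-track": "reload" %>
+<% if Rails.application.config.sentry == true %>
+<%= javascript_tag nonce: true, type: "module" do %>
+import * as Sentry from "@sentry/browser";
+
+console.log("sentryyyyyy")
+
+Sentry.init({
+dsn: "<%=Rails.application.credentials.sentry %>}",
+
+// This sets the sample rate to be 10%. You may want this to be 100% while
+// in development and sample at a lower rate in production
+replaysSessionSampleRate: 0.1,
+
+// If the entire session is not sampled, use the below sample rate to sample
+// sessions when an error occurs.
+replaysOnErrorSampleRate: 1.0,
+
+integrations: [
+Sentry.replayIntegration({
+// Additional SDK configuration goes in here, for example:
+maskAllText: true,
+blockAllMedia: true,
+}),
+],
+});
+<% end %>
+<% end %>
 <%= yield :head %>
 </head>
 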
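Review bot: The DSN line in the new `Sentry.init` call has a stray `}` after the ERB tag (`dsn: "<%=Rails.application.credentials.sentry %>}",`), so the browser SDK is handed a DSN that ends in `}` and will most likely reject it or fail to deliver events. The line should read `dsn: "<%= Rails.application.credentials.sentry %>",`. The `console.log("sentryyyyyy")` line looks like leftover debugging output and should be removed before this ships. If `config.sentry` is always a boolean, `<% if Rails.application.config.sentry %>` is the more idiomatic guard than comparing with `== true`.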
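--- a/config/importmap.rb
+++ b/config/importmap.rb
@@ -10,3 +10,10 @@
 pin "selectlist", to: "https://esm.sh/gh/cjdenio/selectlist-polyfill@ff6dd0f366/src/polyfill.js"
 pin "cursor-chat", to: "https://esm.sh/gh/obl-ong/cursor-chat-actioncable@9befe0089b/dist/cursor-chat.es.js"
 pin "local-time", to: "https://ga.jspm.io/npm:[email protected]/app/assets/javascripts/local-time.es2017-esm.js"
+pin "@sentry/browser", to: "https://ga.jspm.io/npm:@sentry/[email protected]/esm/index.js"
+pin "@sentry-internal/feedback", to: "https://ga.jspm.io/npm:@sentry-internal/[email protected]/esm/index.js"
+pin "@sentry-internal/replay-canvas", to: "https://ga.jspm.io/npm:@sentry-internal/[email protected]/esm/index.js"
+pin "@sentry-internal/tracing", to: "https://ga.jspm.io/npm:@sentry-internal/[email protected]/esm/index.js"
+pin "@sentry/core", to: "https://ga.jspm.io/npm:@sentry/[email protected]/esm/index.js"
+pin "@sentry/replay", to: "https://ga.jspm.io/npm:@sentry/[email protected]/esm/index.js"
+pin "@sentry/utils", to: "https://ga.jspm.io/npm:@sentry/[email protected]/esm/index.js"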
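Review bot: The seven new `@sentry/*` pins resolve to `ga.jspm.io` at page load, which puts a third-party CDN in the trust path for code that runs on every page using the layout and records session replays. Consider vendoring the packages with `bin/importmap pin @sentry/browser --download` (downloading is the default on importmap-rails 2.x), so the files are served from the app's own origin and reviewed in version control. That would also let the `ga.jspm.io` Sentry entries be dropped from `script_src`. If the CDN pins stay, a comment above them such as `# Sentry browser SDK (errors + session replay); bump all @sentry/* pins together` would help whoever updates them next.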
11 changes: 9 additions & 2 deletions config/initializers/content_security_policy.rb
Expand Up @@ -6,13 +6,20 @@

Rails.application.configure do
config.content_security_policy do |policy|
policy.default_src :self, "https://rebound.postmarkapp.com", "https://esm.sh/v135/[email protected]/es2022/selectlist-polyfill.mjs", "https://ga.jspm.io/npm:[email protected]/app/assets/javascripts/local-time.es2017-esm.js", "https://esm.sh/[email protected]"
policy.default_src :none
policy.connect_src :self, "https://rebound.postmarkapp.com/check", "https://*.sentry.io/"
policy.font_src :self, :data
policy.img_src :self, :data
policy.object_src :none
policy.script_src :self, "https://rebound.postmarkapp.com", "https://code.ionicframework.com", "https://cdn.jsdelivr.net/npm/toastify-js"
policy.script_src :self, "'strict-dynamic'", "https://code.ionicframework.com", "https://cdn.jsdelivr.net/npm/toastify-js", "https://ga.jspm.io/npm:@sentry/", "https://ga.jspm.io/npm:@sentry-internal/", "https://rebound.postmarkapp.com/", "https://esm.sh/v135/[email protected]/", "https://ga.jspm.io/npm:[email protected]/", "https://esm.sh/[email protected]/"
policy.style_src :self, "https://unpkg.com/cursor-chat/dist/style.css", "https://code.ionicframework.com", "https://cdn.jsdelivr.net/npm/toastify-js/src/toastify.min.css"
policy.style_src_attr :self, "'unsafe-inline'"
policy.script_src_attr :self, "'unsafe-inline'"
policy.frame_ancestors :self
policy.base_uri :self
policy.form_action :self
policy.worker_src :self, "blob:"
policy.child_src :self, "blob:"
# Specify URI for violation reports
# policy.report_uri "/csp-violation-report-endpoint"
end
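Review bot: The `'strict-dynamic'` keyword on the new `script_src` line makes CSP Level 3 browsers ignore `:self` and every host entry listed with it, so only scripts carrying a valid nonce or hash (and what they load) will run; the host list is then just a fallback for older browsers. No nonce setup is visible in this hunk, so confirm the initializer sets `config.content_security_policy_nonce_generator` and `config.content_security_policy_nonce_directives = %w[script-src]` further down, and that every script tag in the layout is emitted with a nonce. Separately, `policy.script_src_attr :self, "'unsafe-inline'"` leaves inline event handlers executable, which weakens the otherwise strict script policy; aim for `policy.script_src_attr :none` once handlers are moved out of markup. The `report_uri` line is still commented out, so violations from this much tighter `default_src :none` policy will not be reported anywhere. The `configure` block continues past the end of the hunk.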
