From c06f09dfe2f06102c9baae2a3dfa1e3e83d1c41b Mon Sep 17 00:00:00 2001
From: maxypy
Date: Fri, 14 Apr 2017 11:09:20 +0200
Subject: [PATCH] Implementing Subresource Integrity (#1729)
* Add sprockets-rails to Gemfile
* Add sprockets-rails to Gemfile.lock
* Update show.html.haml
* Update index.html.haml
* Update admin.html.haml
* Update auth.html.haml
* Update embedded.html.haml
* Update public.html.haml
---
 Gemfile | 1 +
 Gemfile.lock | 1 +
 app/views/about/show.html.haml | 2 +-
 app/views/home/index.html.haml | 2 +-
 app/views/layouts/admin.html.haml | 2 +-
 app/views/layouts/auth.html.haml | 2 +-
 app/views/layouts/embedded.html.haml | 2 +-
 app/views/layouts/public.html.haml | 2 +-
 8 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/Gemfile b/Gemfile
index 9a1792623b..a1313f6170 100644
--- a/Gemfile
+++ b/Gemfile
@@ -50,6 +50,7 @@ gem 'sidekiq'
 gem 'sidekiq-unique-jobs'
 gem 'simple-navigation'
 gem 'simple_form'
+gem 'sprockets-rails', :require => 'sprockets/railtie'
 gem 'statsd-instrument'
 gem 'twitter-text'
 gem 'tzinfo-data'
diff --git a/Gemfile.lock b/Gemfile.lock
index f1bc9880ec..c7ea894dcc 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -520,6 +520,7 @@ DEPENDENCIES
 simple-navigation
 simple_form
 simplecov
+ sprockets-rails
 statsd-instrument
 twitter-text
 tzinfo-data
diff --git a/app/views/about/show.html.haml b/app/views/about/show.html.haml
index 0c066962d6..922e42575f 100644
--- a/app/views/about/show.html.haml
+++ b/app/views/about/show.html.haml
@@ -1,5 +1,5 @@
 - content_for :header_tags do
- = javascript_include_tag 'application_public'
+ = javascript_include_tag 'application_public', integrity: true
 - content_for :page_title do
 = Rails.configuration.x.local_domain
diff --git a/app/views/home/index.html.haml b/app/views/home/index.html.haml
index 9e3b944633..6cb7155767 100644
--- a/app/views/home/index.html.haml
+++ b/app/views/home/index.html.haml
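Review bot: The new `gem 'sprockets-rails'` line in the Gemfile carries no version constraint, yet the view changes in this patch rely on the asset helpers understanding `integrity: true`. On a release without that support the option would presumably be passed through as a plain HTML attribute, which browsers treat as unusable integrity metadata and ignore, so the protection would be lost without any error. I would add a lower bound for the first release that supports the option, e.g. `gem 'sprockets-rails', '>= MIN_SRI_VERSION', require: 'sprockets/railtie'`, where MIN_SRI_VERSION is a placeholder to be filled in from the gem's changelog.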
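Review bot: `integrity: true` is added to the script tag in about/show without a `crossorigin` attribute, and the same one-line change is repeated in home/index, layouts/admin, layouts/auth, layouts/embedded and layouts/public. When the script is fetched from another origin (an asset host or CDN; whether one is configured is not visible in this patch), browsers verify the hash only on a CORS-enabled request and otherwise refuse to run the script. I would write `= javascript_include_tag 'application_public', integrity: true, crossorigin: 'anonymous'` and confirm that the asset host answers with an `Access-Control-Allow-Origin` header.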
@@ -3,6 +3,6 @@ window.STREAMING_API_BASE_URL = '#{Rails.configuration.x.streaming_api_base_url}'; window.INITIAL_STATE = #{json_escape(render(file: 'home/initial_state', formats: :json))}
- = javascript_include_tag 'application'
+ = javascript_include_tag 'application', integrity: true
 = react_component 'Mastodon', default_props, class: 'app-holder', prerender: false
diff --git a/app/views/layouts/admin.html.haml b/app/views/layouts/admin.html.haml
index 59fe078dfc..fa364750f9 100644
--- a/app/views/layouts/admin.html.haml
+++ b/app/views/layouts/admin.html.haml
@@ -1,5 +1,5 @@
 - content_for :header_tags do
- = javascript_include_tag 'application_public'
+ = javascript_include_tag 'application_public', integrity: true
 - content_for :content do
 .admin-wrapper
diff --git a/app/views/layouts/auth.html.haml b/app/views/layouts/auth.html.haml
index db841d27a7..bf4113baf2 100644
--- a/app/views/layouts/auth.html.haml
+++ b/app/views/layouts/auth.html.haml
@@ -1,5 +1,5 @@
 - content_for :header_tags do
- = javascript_include_tag 'application_public'
+ = javascript_include_tag 'application_public', integrity: true
 - content_for :content do
 .container
diff --git a/app/views/layouts/embedded.html.haml b/app/views/layouts/embedded.html.haml
index adbf0a2870..c34247c913 100644
--- a/app/views/layouts/embedded.html.haml
+++ b/app/views/layouts/embedded.html.haml
@@ -3,6 +3,6 @@
 %head
 %meta{:charset => 'utf-8'}/
 = stylesheet_link_tag 'application', media: 'all'
- = javascript_include_tag 'application_public'
+ = javascript_include_tag 'application_public', integrity: true
 %body.embed
 = yield
diff --git a/app/views/layouts/public.html.haml b/app/views/layouts/public.html.haml
index 808fb0a0e6..56781a286e 100644
--- a/app/views/layouts/public.html.haml
+++ b/app/views/layouts/public.html.haml
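Review bot: Nothing in this change checks that the `integrity` attribute actually reaches the rendered page for `application`, the main bundle loaded by home/index. As far as I know, sprockets-rails emits the hash only when Rails sees the request as HTTPS or local, so behind a TLS-terminating proxy that does not forward the scheme the tag would be rendered without it and nobody would notice. I would add a view comment such as `-# integrity hash is only rendered for HTTPS/local requests; check X-Forwarded-Proto behind a proxy` and a request spec asserting the attribute is present. The same applies to the other five views, and the block enclosing this line starts above the hunk.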
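Review bot: In layouts/embedded the stylesheet on the line directly above the changed script, `= stylesheet_link_tag 'application', media: 'all'`, is left without an integrity hash, so only one of the two subresources this layout loads is covered. The stylesheet helper accepts the same option as far as I know, so the line could become `= stylesheet_link_tag 'application', media: 'all', integrity: true`. The other views in this patch show no stylesheet tag inside their hunks, so they may need the same check outside the visible lines.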
@@ -1,5 +1,5 @@
 - content_for :header_tags do
- = javascript_include_tag 'application_public'
+ = javascript_include_tag 'application_public', integrity: true
 - content_for :content do
 .container= yield