kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add CSP nonce to graphiql-rails JavaScript

Browse source
This commit is contained in:
Stan Hu 2019-09-11 23:37:51 -07:00
parent 4d70537cd1
commit e078d51566
2 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Gemfile
View file

@ -84,7 +84,9 @@ gem 'rack-cors', '~> 1.0.0', require: 'rack/cors'
# GraphQL API
gem 'graphql', '~> 1.9.11'
# TODO: remove app/views/graphiql/rails/editors/show.html.erb when https://github.com/rmosolgo/graphiql-rails/pull/71 will be released
# NOTE: graphiql-rails v1.5+ doesn't work: https://gitlab.com/gitlab-org/gitlab-ce/issues/67293
# TODO: remove app/views/graphiql/rails/editors/show.html.erb when https://github.com/rmosolgo/graphiql-rails/pull/71 is released:
# https://gitlab.com/gitlab-org/gitlab-ce/issues/67263
gem 'graphiql-rails', '~> 1.4.10'
gem 'apollo_upload_server', '~> 2.0.0.beta3'
gem 'graphql-docs', '~> 1.6.0', group: [:development, :test]

4
app/views/graphiql/rails/editors/show.html.erb
View file

@ -10,7 +10,7 @@
<div id="graphiql-container">
Loading...
</div>
<script>
<%= javascript_tag nonce: true do -%>
var parameters = {};
<% if GraphiQL::Rails.config.query_params %>
@ -94,6 +94,6 @@
}),
document.getElementById("graphiql-container")
);
</script>
<% end -%>
</body>
</html>