SecureHeaders fixes #478
Merged
SecureHeaders fixes #478
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When secure_headers gem is enabled, the rollbar.js plugin doesn't initialize (the script tag is not getting inserted). I'm not familiar with the rollbar plugin flow, but my expectation is, since the plugin is loaded via Railtie initializer (not directly), the `plugin.execute` queue is not emptied at this point (the `load!` is not fired anymore). What I did, i moved the queue initialization do the `call` endpoint, and passed the actual rollbar.js initialization body the the Railtie initializer (which is invoked only when secure_headers are found).
We have two different cases when loading rails-rollbar.js plugin, having SecureHeaders::Middleware defined or not. In both cases we will check if Rollbar.configuration.js_enabled is true or not. Since that flag is set by the user using Rollbar.configure block, we need to delay the execution of the plugin code until the last moment. We do that using Rollbar::Plugin#execute. All the plugins loaded in that way are sure to be loaded having a correct Rollbar.configuration.
Merged
|
Is there any plan to merge this in the near future? We are stuck on v2.9.1 because of the broken interaction with |
added 2 commits
August 31, 2016 14:36
…cure-headers-fixes
rack-protection has been merged into sinatra/sinatra
jondeandres
pushed a commit
that referenced
this pull request
Sep 15, 2016
Features: - Allow to override config. See [#519](#519). - Send code and context frame data. See [#523](#523). - Send GET, POST and raw body in their correct place. See [#522](#522). - Increase max payload from 128kb to 512kb. See [#521](#521). - Add resque-rollbar functionality to the gem. See [#516](#516). - Send custom.orig_host and custom.orig_uuid on too large payloads. See [#518](#518). - Add Content-Length and Content-Type headers to the reports. See [#513](#513). Bug fixes: - SecureHeaders fixes. See [#478](#478). - Include validations plugin in activerecord base. See [#503](#503). - Require tempfile and use ::Tempfile. See [#514](#514). - Extract correct client IP from X-Forwarded-For header. See [#515](#515). - Delayed job fix on job serialization. See [#512](#512). Others: - Fix tests on rails40 and ruby 1.8.7. See [#485](#485). - Move log methods to public section. See [#498](#498). - Change rails50.gemfile to use Rails 5.0.0. See [#495](#495). - Update CHANGELOG.md to fix incorrect links. See [#502](#502). - Improve Rake support to avoid conflicts with other services. See [#517](#517). - Make Codeclimate happier with Rollbar::Middlware::Js. See [#520](#520).
Merged
jondeandres
pushed a commit
that referenced
this pull request
Sep 15, 2016
[skip ci] Features: - Allow to override config. See [#519](#519). - Send code and context frame data. See [#523](#523). - Send GET, POST and raw body in their correct place. See [#522](#522). - Increase max payload from 128kb to 512kb. See [#521](#521). - Add resque-rollbar functionality to the gem. See [#516](#516). - Send custom.orig_host and custom.orig_uuid on too large payloads. See [#518](#518). - Add Content-Length and Content-Type headers to the reports. See [#513](#513). Bug fixes: - SecureHeaders fixes. See [#478](#478). - Include validations plugin in activerecord base. See [#503](#503). - Require tempfile and use ::Tempfile. See [#514](#514). - Extract correct client IP from X-Forwarded-For header. See [#515](#515). - Delayed job fix on job serialization. See [#512](#512). Others: - Fix tests on rails40 and ruby 1.8.7. See [#485](#485). - Move log methods to public section. See [#498](#498). - Change rails50.gemfile to use Rails 5.0.0. See [#495](#495). - Update CHANGELOG.md to fix incorrect links. See [#502](#502). - Improve Rake support to avoid conflicts with other services. See [#517](#517). - Make Codeclimate happier with Rollbar::Middlware::Js. See [#520](#520).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.