Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move inline JS to rendered files to support CSP #561

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Move inline JS to rendered files to support CSP #561

wants to merge 2 commits into from

Conversation

worldwise001
Copy link

As it is currently set up, if you're running Teaspoon in apps that have strong CSP settings, then all the inline JS pieces will not load causing people to be confused as to why individual tests are not running.

This patch fixes that by moving the files into their own JS files. The trick though was that we still need the suite information for the JS, so what we do here is that we add another route into the controller to custom render the JS based on the suite name (which we also use for the show view anyway).

@worldwise001
Copy link
Author

cc @jejacks0n

@jejacks0n
Copy link
Owner

This is awesome, thanks @worldwise001! I'm in the process of getting this project up to speed and more current, and I'd like to work with you on getting this in there.

My plan is specifically to focus around CSP settings, webpack(er), and reducing the asset pipeline dependency in that process.

Maybe you can help -- I'm seeing calls to require, how is this being provided? is it already in the project?

@worldwise001
Copy link
Author

Yes, it should all be already in the project. I just moved some files around so that they are served via the controller instead of being inline JS.

@jejacks0n
Copy link
Owner

Seems to be! answered my own question. haha.

Ok, so one thing to note here is that right now not all specs / features are being run on CI since I'm still working on getting things polished up. When I get CI back to a place I'm comfortable with can I hit you up to merge master and we can check in at that point?

@worldwise001
Copy link
Author

(fwiw I tested this using my own project so I can verify that this causes the CSP errors to go away... I haven't really tested require.js since I don't use that in my project).

@worldwise001
Copy link
Author

worldwise001 commented Apr 17, 2019
edited
Loading

Sure! Let me know when you're likely going to be able to get CI in a nice place and I can rebase and retest.

@jejacks0n
Copy link
Owner

Thanks so much @worldwise001 -- I appreciate your time and will reach out in the next couple days as time permits. =)

@pamelahowell
Copy link

Assume sauce! Kudos to you both, and sounds like the start of a lovely collaboration.

@jejacks0n jejacks0n force-pushed the master branch 3 times, most recently from 1d95ed2 to d6352cb Compare April 29, 2019 23:34
@jejacks0n
Copy link
Owner

@worldwise001 -- The test suite is running fully and coverage reports are back in there now. There's a flakey test about code coverage, and I haven't resolved that because it's pretty complex -- and seems like a caching/random spec order issue that manifests somewhere inside sprockets.

You're welcome to rebase master now, and just keep an eye out for that one test. You can just re-run the failing build(s) until it passes -- sorry about that!

Thanks!

@worldwise001
Copy link
Author

Fantastic! I'll do that today! (sorry been swamped with other unrelated work).

houndci-bot
houndci-bot reviewed May 3, 2019
View reviewed changes
Copy link

@houndci-bot houndci-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Unable to find gem rubocop-rails_config; is the gem installed? Gem::MissingSp... 
Unable to find gem rubocop-rails_config; is the gem installed? Gem::MissingSpecError
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:189:in `rescue in gem_config_path'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:185:in `gem_config_path'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:47:in `block (2 levels) in resolve_inheritance_from_gems'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:45:in `each'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:45:in `block in resolve_inheritance_from_gems'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:38:in `each_pair'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:38:in `resolve_inheritance_from_gems'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader.rb:48:in `load_file'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader.rb:83:in `configuration_from_file'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_store.rb:44:in `for'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/cli.rb:181:in `apply_default_formatter'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/cli.rb:40:in `run'
/home/linters/.bundle/gems/rubocop-0.54.0/bin/rubocop:13:in `block in '
/usr/local/lib/ruby/2.6.0/benchmark.rb:308:in `realtime'
/home/linters/.bundle/gems/rubocop-0.54.0/bin/rubocop:12:in `'
/home/linters/.bundle/bin/rubocop:23:in `load'
/home/linters/.bundle/bin/rubocop:23:in `'
/usr/local/lib/ruby/2.6.0/bundler/cli/exec.rb:74:in `load'
/usr/local/lib/ruby/2.6.0/bundler/cli/exec.rb:74:in `kernel_load'
/usr/local/lib/ruby/2.6.0/bundler/cli/exec.rb:28:in `run'
/usr/local/lib/ruby/2.6.0/bundler/cli.rb:463:in `exec'
/usr/local/lib/ruby/2.6.0/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/usr/local/lib/ruby/2.6.0/bundler/vendor/thor/lib/thor/invocation.rb:126:in `invoke_command'
/usr/local/lib/ruby/2.6.0/bundler/vendor/thor/lib/thor.rb:387:in `dispatch'
/usr/local/lib/ruby/2.6.0/bundler/cli.rb:27:in `dispatch'
/usr/local/lib/ruby/2.6.0/bundler/vendor/thor/lib/thor/base.rb:466:in `start'
/usr/local/lib/ruby/2.6.0/bundler/cli.rb:18:in `start'
/usr/local/lib/ruby/gems/2.6.0/gems/bundler-1.17.2/exe/bundle:30:in `block in '
/usr/local/lib/ruby/2.6.0/bundler/friendly_errors.rb:124:in `with_friendly_errors'
/usr/local/lib/ruby/gems/2.6.0/gems/bundler-1.17.2/exe/bundle:22:in `'
/usr/local/bin/bundle:23:in `load'
/usr/local/bin/bundle:23:in `'

houndci-bot
houndci-bot reviewed May 3, 2019
View reviewed changes
Copy link

@houndci-bot houndci-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Unable to find gem rubocop-rails_config; is the gem installed? Gem::MissingSp... 
Unable to find gem rubocop-rails_config; is the gem installed? Gem::MissingSpecError
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:189:in `rescue in gem_config_path'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:185:in `gem_config_path'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:47:in `block (2 levels) in resolve_inheritance_from_gems'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:45:in `each'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:45:in `block in resolve_inheritance_from_gems'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:38:in `each_pair'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:38:in `resolve_inheritance_from_gems'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader.rb:48:in `load_file'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader.rb:83:in `configuration_from_file'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_store.rb:44:in `for'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/cli.rb:181:in `apply_default_formatter'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/cli.rb:40:in `run'
/home/linters/.bundle/gems/rubocop-0.54.0/bin/rubocop:13:in `block in '
/usr/local/lib/ruby/2.6.0/benchmark.rb:308:in `realtime'
/home/linters/.bundle/gems/rubocop-0.54.0/bin/rubocop:12:in `'
/home/linters/.bundle/bin/rubocop:23:in `load'
/home/linters/.bundle/bin/rubocop:23:in `'
/usr/local/lib/ruby/2.6.0/bundler/cli/exec.rb:74:in `load'
/usr/local/lib/ruby/2.6.0/bundler/cli/exec.rb:74:in `kernel_load'
/usr/local/lib/ruby/2.6.0/bundler/cli/exec.rb:28:in `run'
/usr/local/lib/ruby/2.6.0/bundler/cli.rb:463:in `exec'
/usr/local/lib/ruby/2.6.0/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/usr/local/lib/ruby/2.6.0/bundler/vendor/thor/lib/thor/invocation.rb:126:in `invoke_command'
/usr/local/lib/ruby/2.6.0/bundler/vendor/thor/lib/thor.rb:387:in `dispatch'
/usr/local/lib/ruby/2.6.0/bundler/cli.rb:27:in `dispatch'
/usr/local/lib/ruby/2.6.0/bundler/vendor/thor/lib/thor/base.rb:466:in `start'
/usr/local/lib/ruby/2.6.0/bundler/cli.rb:18:in `start'
/usr/local/lib/ruby/gems/2.6.0/gems/bundler-1.17.2/exe/bundle:30:in `block in '
/usr/local/lib/ruby/2.6.0/bundler/friendly_errors.rb:124:in `with_friendly_errors'
/usr/local/lib/ruby/gems/2.6.0/gems/bundler-1.17.2/exe/bundle:22:in `'
/usr/local/bin/bundle:23:in `load'
/usr/local/bin/bundle:23:in `'

@worldwise001
Copy link
Author

Hrm it looks like something is rewriting all the routes in the test to add /relative in front of it. I imagine this is to test something, but seems to break all the teaspoon routes. Is this intended? I think this is only supposed to kick in for assets?

@worldwise001
Copy link
Author

(Any hints on where to look? I tried adding binding.pry to the erbs and those seem to be generating properly, but I couldn't figure out where in the stack frame the rewrite was occurring)

houndci-bot
houndci-bot reviewed May 3, 2019
View reviewed changes
Copy link

@houndci-bot houndci-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some files could not be reviewed due to errors:

Unable to find gem rubocop-rails_config; is the gem installed? Gem::MissingSp... 
Unable to find gem rubocop-rails_config; is the gem installed? Gem::MissingSpecError
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:189:in `rescue in gem_config_path'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:185:in `gem_config_path'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:47:in `block (2 levels) in resolve_inheritance_from_gems'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:45:in `each'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:45:in `block in resolve_inheritance_from_gems'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:38:in `each_pair'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader_resolver.rb:38:in `resolve_inheritance_from_gems'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader.rb:48:in `load_file'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_loader.rb:83:in `configuration_from_file'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/config_store.rb:44:in `for'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/cli.rb:181:in `apply_default_formatter'
/home/linters/.bundle/gems/rubocop-0.54.0/lib/rubocop/cli.rb:40:in `run'
/home/linters/.bundle/gems/rubocop-0.54.0/bin/rubocop:13:in `block in '
/usr/local/lib/ruby/2.6.0/benchmark.rb:308:in `realtime'
/home/linters/.bundle/gems/rubocop-0.54.0/bin/rubocop:12:in `'
/home/linters/.bundle/bin/rubocop:23:in `load'
/home/linters/.bundle/bin/rubocop:23:in `'
/usr/local/lib/ruby/2.6.0/bundler/cli/exec.rb:74:in `load'
/usr/local/lib/ruby/2.6.0/bundler/cli/exec.rb:74:in `kernel_load'
/usr/local/lib/ruby/2.6.0/bundler/cli/exec.rb:28:in `run'
/usr/local/lib/ruby/2.6.0/bundler/cli.rb:463:in `exec'
/usr/local/lib/ruby/2.6.0/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/usr/local/lib/ruby/2.6.0/bundler/vendor/thor/lib/thor/invocation.rb:126:in `invoke_command'
/usr/local/lib/ruby/2.6.0/bundler/vendor/thor/lib/thor.rb:387:in `dispatch'
/usr/local/lib/ruby/2.6.0/bundler/cli.rb:27:in `dispatch'
/usr/local/lib/ruby/2.6.0/bundler/vendor/thor/lib/thor/base.rb:466:in `start'
/usr/local/lib/ruby/2.6.0/bundler/cli.rb:18:in `start'
/usr/local/lib/ruby/gems/2.6.0/gems/bundler-1.17.2/exe/bundle:30:in `block in '
/usr/local/lib/ruby/2.6.0/bundler/friendly_errors.rb:124:in `with_friendly_errors'
/usr/local/lib/ruby/gems/2.6.0/gems/bundler-1.17.2/exe/bundle:22:in `'
/usr/local/bin/bundle:23:in `load'
/usr/local/bin/bundle:23:in `'

@worldwise001
Copy link
Author

never mind, fixed it. javascript_include_tag assumed that it was an asset and so added the relative path accordingly.

@jejacks0n
Copy link
Owner

Ignore hound.. sorry.

@worldwise001 worldwise001 reopened this May 3, 2019
@jejacks0n
Copy link
Owner

So, do those failures make any sense to you locally?

@jejacks0n
Copy link
Owner

I changed up the rails versions a bit.

@worldwise001
Copy link
Author

The failures are a little baffling to me, and I'm trying to repro it locally. This might take the weekend for me to figure out.

@mathieujobin mathieujobin mentioned this pull request Mar 11, 2021
Open
@mathieujobin
Copy link
Collaborator

several tests is failing with this changed https://github.com/jejacks0n/teaspoon/actions/runs/657166943
rebased into e85199b

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@houndci-bot houndci-bot houndci-bot left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@worldwise001 @jejacks0n @pamelahowell @mathieujobin @houndci-bot