Merge branch 'release/5.5.4'

dodona-edu · Apr 28, 2022 · 4f7bedb · 4f7bedb
2 parents bcbbf29 + 983f527
commit 4f7bedb
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 37 deletions.
diff --git a/app/controllers/activities_controller.rb b/app/controllers/activities_controller.rb
@@ -113,27 +113,11 @@ def show
 
     @title = @activity.name
     @crumbs << [@activity.name, '#']
-
-    return unless @activity.exercise?
-
-    # Enable SharedArrayBuffers on exercise pages
-    response.set_header 'Cross-Origin-Opener-Policy', 'same-origin'
-    response.set_header 'Cross-Origin-Embedder-Policy', 'require-corp'
   end
 
   def description
     raise Pundit::NotAuthorizedError, 'Not allowed' unless @activity.access_token == params[:token]
 
-    if @activity.exercise?
-      # CORP, allow sandbox to fetch from dodona
-      response.set_header 'Cross-Origin-Resource-Policy', 'cross-origin'
-      # COEP, allow sandbox to work with Papyros present
-      response.set_header 'Cross-Origin-Embedder-Policy', 'require-corp'
-      # Potential future improvement for iframes? https://github.com/camillelamy/explainers/blob/main/anonymous_iframes.md
-      # Limit allowed origins to prevent abuse of CORP header
-      response.set_header 'Access-Control-Allow-Origin', "#{Rails.configuration.sandbox_host} #{Rails.configuration.default_host}"
-    end
-
     render layout: 'frame'
   end
 

diff --git a/config/environments/development.rb b/config/environments/development.rb
@@ -1,22 +1,5 @@
 require "active_support/core_ext/integer/time"
 
-# Middleware to add required headers to assets
-class AssetHeaders
-  # Source: https://gist.github.com/ryanb/4157256
-  def initialize(app)
-    @app = app
-  end
-
-  def call(env)
-    request = Rack::Request.new(env)
-    response = @app.call(env)
-    if request.path =~ /^\/assets\//
-      response[1]['Cross-Origin-Resource-Policy'] = 'cross-origin'
-    end
-    response
-  end
-end
-
 Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
@@ -119,9 +102,6 @@ def call(env)
   # Annotate rendered view with file names.
   # config.action_view.annotate_rendered_view_with_filenames = true
 
-  # Use correct headers on /assets
-  config.middleware.use AssetHeaders
-
   # Regenerate js translation files
   config.middleware.use I18n::JS::Middleware
 

diff --git a/config/initializers/00_version.rb b/config/initializers/00_version.rb
@@ -3,7 +3,7 @@ class Application
     module Version
       MAJOR = 5
       MINOR = 5
-      PATCH = 3
+      PATCH = 4
 
       STRING = [MAJOR, MINOR, PATCH].compact.join('.')
     end