From 1ea56aba0d7f8ce9e7e39b25f4bbfe741729fba2 Mon Sep 17 00:00:00 2001
From: winniederidder
Date: Wed, 27 Apr 2022 23:00:59 +0200
Subject: [PATCH 1/2] Remove SAB headers
---
 app/controllers/activities_controller.rb | 16 ----------------
 config/environments/development.rb | 20 --------------------
 2 files changed, 36 deletions(-)
diff --git a/app/controllers/activities_controller.rb b/app/controllers/activities_controller.rb
index a07c78b38b..324833378f 100644
--- a/app/controllers/activities_controller.rb
+++ b/app/controllers/activities_controller.rb
@@ -113,27 +113,11 @@ def show
 @title = @activity.name
 @crumbs << [@activity.name, '#']
-
- return unless @activity.exercise?
-
- # Enable SharedArrayBuffers on exercise pages
- response.set_header 'Cross-Origin-Opener-Policy', 'same-origin'
- response.set_header 'Cross-Origin-Embedder-Policy', 'require-corp'
 end
 def description
 raise Pundit::NotAuthorizedError, 'Not allowed' unless @activity.access_token == params[:token]
- if @activity.exercise?
- # CORP, allow sandbox to fetch from dodona
- response.set_header 'Cross-Origin-Resource-Policy', 'cross-origin'
- # COEP, allow sandbox to work with Papyros present
- response.set_header 'Cross-Origin-Embedder-Policy', 'require-corp'
- # Potential future improvement for iframes? https://github.com/camillelamy/explainers/blob/main/anonymous_iframes.md
- # Limit allowed origins to prevent abuse of CORP header
- response.set_header 'Access-Control-Allow-Origin', "#{Rails.configuration.sandbox_host} #{Rails.configuration.default_host}"
- end
-
 render layout: 'frame'
 end
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 30d18f9488..a6c6df2034 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -1,22 +1,5 @@
 require "active_support/core_ext/integer/time"
-# Middleware to add required headers to assets
-class AssetHeaders
- # Source: https://gist.github.com/ryanb/4157256
- def initialize(app)
- @app = app
- end
-
- def call(env)
- request = Rack::Request.new(env)
- response = @app.call(env)
- if request.path =~ /^\/assets\//
- response[1]['Cross-Origin-Resource-Policy'] = 'cross-origin'
- end
- response
- end
-end
-
 Rails.application.configure do
 # Settings specified here will take precedence over those in config/application.rb.
@@ -119,9 +102,6 @@ def call(env)
 # Annotate rendered view with file names.
 # config.action_view.annotate_rendered_view_with_filenames = true
- # Use correct headers on /assets
- config.middleware.use AssetHeaders
-
 # Regenerate js translation files
 config.middleware.use I18n::JS::Middleware
From 983f5276fe5599f0613ff0ea084d8c85962dc741 Mon Sep 17 00:00:00 2001
From: Charlotte Van Petegem
Date: Thu, 28 Apr 2022 13:25:12 +0200
Subject: [PATCH 2/2] Bump version
---
 config/initializers/00_version.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/initializers/00_version.rb b/config/initializers/00_version.rb
index 6324a492f2..885081de52 100644
--- a/config/initializers/00_version.rb
+++ b/config/initializers/00_version.rb
@@ -3,7 +3,7 @@ class Application
 module Version
 MAJOR = 5
 MINOR = 5
- PATCH = 3
+ PATCH = 4
 STRING = [MAJOR, MINOR, PATCH].compact.join('.')
 end