diff options
author | Stan Hu <stanhu@gmail.com> | 2019-09-11 23:37:51 -0700 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2019-09-11 23:37:51 -0700 |
commit | e078d51566a276558a0bbd283f8acc472d4530c9 (patch) | |
tree | c416ffdea8847f3e5127ef6f7f20626f4ac5247f | |
parent | 4d70537cd11520b5e1d368b52cfe889d2a57caea (diff) | |
download | gitlab-ce-e078d51566a276558a0bbd283f8acc472d4530c9.tar.gz |
Add CSP nonce to graphiql-rails JavaScriptsh-revert-graphiql-version
-rw-r--r-- | Gemfile | 4 | ||||
-rw-r--r-- | app/views/graphiql/rails/editors/show.html.erb | 4 |
2 files changed, 5 insertions, 3 deletions
@@ -84,7 +84,9 @@ gem 'rack-cors', '~> 1.0.0', require: 'rack/cors' # GraphQL API gem 'graphql', '~> 1.9.11' -# TODO: remove app/views/graphiql/rails/editors/show.html.erb when https://github.com/rmosolgo/graphiql-rails/pull/71 will be released +# NOTE: graphiql-rails v1.5+ doesn't work: https://gitlab.com/gitlab-org/gitlab-ce/issues/67293 +# TODO: remove app/views/graphiql/rails/editors/show.html.erb when https://github.com/rmosolgo/graphiql-rails/pull/71 is released: +# https://gitlab.com/gitlab-org/gitlab-ce/issues/67263 gem 'graphiql-rails', '~> 1.4.10' gem 'apollo_upload_server', '~> 2.0.0.beta3' gem 'graphql-docs', '~> 1.6.0', group: [:development, :test] diff --git a/app/views/graphiql/rails/editors/show.html.erb b/app/views/graphiql/rails/editors/show.html.erb index df54b5821ee..b8f82ae8323 100644 --- a/app/views/graphiql/rails/editors/show.html.erb +++ b/app/views/graphiql/rails/editors/show.html.erb @@ -10,7 +10,7 @@ <div id="graphiql-container"> Loading... </div> - <script> + <%= javascript_tag nonce: true do -%> var parameters = {}; <% if GraphiQL::Rails.config.query_params %> @@ -94,6 +94,6 @@ }), document.getElementById("graphiql-container") ); - </script> + <% end -%> </body> </html> |