authorStan Hu <stanhu@gmail.com>2019-09-11 23:37:51 -0700
committerStan Hu <stanhu@gmail.com>2019-09-11 23:37:51 -0700
commite078d51566a276558a0bbd283f8acc472d4530c9 (patch)
treec416ffdea8847f3e5127ef6f7f20626f4ac5247f
parent4d70537cd11520b5e1d368b52cfe889d2a57caea (diff)
downloadgitlab-ce-e078d51566a276558a0bbd283f8acc472d4530c9.tar.gz
Add CSP nonce to graphiql-rails JavaScriptsh-revert-graphiql-version
-rw-r--r--Gemfile4
-rw-r--r--app/views/graphiql/rails/editors/show.html.erb4
2 files changed, 5 insertions, 3 deletions
diff --git a/Gemfile b/Gemfile
index 734104a25bc..7fb9838b8b0 100644
--- a/Gemfile
+++ b/Gemfile
@@ -84,7 +84,9 @@ gem 'rack-cors', '~> 1.0.0', require: 'rack/cors'
# GraphQL API
gem 'graphql', '~> 1.9.11'
-# TODO: remove app/views/graphiql/rails/editors/show.html.erb when https://github.com/rmosolgo/graphiql-rails/pull/71 will be released
+# NOTE: graphiql-rails v1.5+ doesn't work: https://gitlab.com/gitlab-org/gitlab-ce/issues/67293
+# TODO: remove app/views/graphiql/rails/editors/show.html.erb when https://github.com/rmosolgo/graphiql-rails/pull/71 is released:
+# https://gitlab.com/gitlab-org/gitlab-ce/issues/67263
gem 'graphiql-rails', '~> 1.4.10'
gem 'apollo_upload_server', '~> 2.0.0.beta3'
gem 'graphql-docs', '~> 1.6.0', group: [:development, :test]
diff --git a/app/views/graphiql/rails/editors/show.html.erb b/app/views/graphiql/rails/editors/show.html.erb
index df54b5821ee..b8f82ae8323 100644
--- a/app/views/graphiql/rails/editors/show.html.erb
+++ b/app/views/graphiql/rails/editors/show.html.erb
@@ -10,7 +10,7 @@
<div id="graphiql-container">
Loading...
</div>
- <script>
+ <%= javascript_tag nonce: true do -%>
var parameters = {};
<% if GraphiQL::Rails.config.query_params %>
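Review bot: The nonce added by `javascript_tag nonce: true` authorizes the whole inline block, so the CSP no longer limits anything rendered inside this script. The block contains server-side ERB, as the `<% if GraphiQL::Rails.config.query_params %>` branch here shows, and its body between this hunk and the closing `<% end -%>` in the next hunk is not visible. If any value is interpolated in that unseen part, it should be confirmed to go through `to_json` or `json_escape` rather than being emitted raw. Since this view is a local override of the gem's template, I would also add a comment above the tag, for example `<%# nonce: true lets this inline script pass the script-src CSP; keep every interpolated value JSON-escaped %>`.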
@@ -94,6 +94,6 @@
}),
document.getElementById("graphiql-container")
);
- </script>
+ <% end -%>
</body>
</html>