Adding CSP header by merging headers - ruby-on-rails

I am trying to create a very basic .rb plugin (based on the now obsolete in chrome) discourse-allowall
which will merge the CSP header to the default ones but can't get it to work.
The below does not seem to do it.
Rails.application.config.action_dispatch.default_headers.merge!({'Content-Security-Policy' => "frame-ancestors 'http://mylocal.com.localhost'"})
I literally have 0 experience with ruby so need to know:
If that's possible
The correct syntax for defining the above header and merging it with the default ones
NOTE: End goal is to allow for the application to be frameable by 2 specific domains.

My syntax was off and this is working fine now. Correct syntax is like:
Rails.application.config.action_dispatch.default_headers.merge!({'Content-Security-Policy' => "frame-ancestors *"})
Put it up on GitHub in case someone wants to use it as a plugin: https://github.com/mkatrantzis/testDiscourseCSP
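
For the question's stated end goal (framing allowed from two specific origins rather than from *), the following is an added Ruby example, not code from the post or the linked plugin. It replaces only the frame-ancestors directive in an existing policy string and rejects quoted or wildcard sources; the helper names and the second origin are assumptions.

```ruby
# Added example: helper names and the second origin are assumptions.
# A host-source is written bare (scheme://host[:port]); only keywords such as
# 'self' and 'none' take single quotes, so the quoted URL in the question is
# not a valid source.
ORIGIN_RE = %r{\Ahttps?://[a-z0-9]([a-z0-9.-]*[a-z0-9])?(:\d{1,5})?\z}i

def csp_origin(origin)
  unless origin.match?(ORIGIN_RE)
    raise ArgumentError, "not a bare origin: #{origin.inspect}"
  end
  origin.downcase
end

# Replace (or add) frame-ancestors in an existing policy string while keeping
# every other directive, so the merge does not discard the rest of the CSP.
def with_frame_ancestors(existing_csp, origins)
  raise ArgumentError, 'at least one origin required' if origins.empty?
  directives = existing_csp.to_s.split(';').map(&:strip).reject(&:empty?)
  directives.reject! { |d| d.split.first.casecmp?('frame-ancestors') }
  sources = origins.map { |o| csp_origin(o) }.join(' ')
  (directives << "frame-ancestors #{sources}").join('; ')
end

# Constructed sample input: the origin from the question plus a placeholder.
ALLOWED_FRAMERS = %w[http://mylocal.com.localhost https://partner.example].freeze
BASE_POLICY = "script-src 'self'; frame-ancestors 'none'"
NEW_POLICY = with_frame_ancestors(BASE_POLICY, ALLOWED_FRAMERS)
puts NEW_POLICY

# In the plugin, the result would be merged the same way the post does:
#   headers = Rails.application.config.action_dispatch.default_headers
#   headers['Content-Security-Policy'] =
#     with_frame_ancestors(headers['Content-Security-Policy'], ALLOWED_FRAMERS)
```

Rails' default headers also include X-Frame-Options: SAMEORIGIN; browsers that support frame-ancestors give the CSP directive precedence when both are sent.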

Related

Why do I get different runtimepaths depending on which API I use?

I'm trying to run Neovim 0.8.1. on a Windows 11 environment.
My setup is really minimal:
I downloaded nvim-win64.zip (of version 0.8.1) from Neovim's releases page on GitHub.
Extracted it and moved it to a folder at C:\test\nvim-win64
Started up Neovim by executing C:\test\nvim-win64\bin\nvim.exe
Not using any custom config.
When inspecting my runtimepath, there are 2 ways of doing this:
Using :set runtimepath? (the Vimscript way). This gives me:
runtimepath=~\AppData\Local\nvim,~\AppData\Local\nvim-data\site,C:\test\nvim-win64\share\nvim\runtime,C:\test\nvim-win64\share\nvim\runtime\pack\dist\opt\matchit,C:\test\nvim-win64\lib\nvim,~\AppData\Local\nvim-data\site\after,~\AppData\Local\nvim\after
Using :lua print(vim.inspect(vim.api.nvim_list_runtime_paths())) (the Lua way). This gives me:
{ "C:\\test\\nvim-win64\\share\\nvim\\runtime", "C:\\test\\nvim-win64\\share\\nvim\\runtime\\pack\\dist\\opt\\matchit", "C:\\test\\nvim-win64\\lib\\nvim" }
As you can see, it seems like using the Lua way I'm missing the local config directories in my runtimepath (the ~\AppData\Local\* paths).
Why am I seeing this difference? This is blocking me from using XDG_CONFIG_HOME to use my own config that I typically use, because it seems like it does not get included in the nvim_list_runtime_paths list, but it does appear in :set runtimepath?.
Nvim api function filters out non-existent directories. So there's a difference.
My issue was that my employer had decided to put ( and ) characters in my %USERPROFILE% environment variable, which ended up breaking a bunch of stuff (including the list I got from nvim_list_runtime_paths).
Putting those characters in %USERPROFILE% is a bad idea for many reasons, so I moved all of my files and folders out of any (sub)directory in %USERPROFILE% and right in C:\.
I also had to define XDG_CONFIG_HOME, XDG_DATA_HOME and XDG_STATE_HOME to point to a different location than the default location (which default within %USERPROFILE%).
This made all of my troubles go away!

What is the proper way to set up resource URLs in a ClojureScript single page application

I am developing a Clojure/ClojureScript SPA based on http-kit, compojure and tiny bits of hiccup on backend and mainly reagent on frontend. Project is done with leiningen, based on hand-wrecked chestnut template.
When I tried to make more complex URLs than just "/" the following setup created a mess for me:
When producing the initial hiccup to serve HTML and adding includes for CSS and JS files I followed the examples and added them as relative urls like
(include-css "css/style.css")
;and
(include-js "js/compiled/out/goog/base.js")
(include-js "js/compiled/myproject.js")
(note absence of slash in the beginning)
In the chestnut template I got default :asset-path option for cljsbuild set to "js/compiled/out"
Of course, when I tried to add a route to the same page with the http://my-domain/something URL in addition to root http://my-domain/ and load it, the thing failed to get any of my assets (trying to fetch them under e.g. /something/js/compiled/myproject.js).
I was able to fix this issue for explicitly included assets by making those urls relative to root (prepending a slash to each of them). It left me with the same problem with the script tag with src="js/compiled/out/cljs_deps.js" injected by cljsbuild, but this one I fixed by making :asset-path relative to root as well.
It all seems to work properly now, but the fact that I had to make some head-scratching and a surprisingly large amount of googling to finally resolve this makes me feel this is not the default approach. Hence the questions:
Did I do the right thing by converting all asset urls to relative-to-root ones? (Keeping in mind that I'm working on an SPA)
If yes, why isn't this a default approach and why do I keep seeing relative-to-current location URLs everywhere (including all the examples on the web as well as lein templates)?
Update:
The relevant part of my app's compojure routes looks like this:
(defroutes home-routes
  (resources "/")
  (GET "/" _
    (friend/authenticated
      (html-response
        (app-page))))
  (GET "/something*" _
    (friend/authenticated
      (html-response
        (app-page)))))

Will HTML5 app.manifest work with MVC style URLS?

Given the following example manifest:
CACHE MANIFEST
# v1 2011-08-14
# This is another comment
index.html
cache.html
http://somedomain.com/abc/xyz/
/style/css
controller/view/1
# Use from network if available
NETWORK:
/api
# Fallback content
FALLBACK:
/ fallback.html
Will "/style/css" and "/controller/view/1" work, or does it require actual file names? I keep reading about putting "files" there, but on other sites I read "URI". I'm assuming URI is correct. So, are full AND relative URIs allowed? Any cross-browser/device issues to be aware of?
BTW 1: Yes, I'm aware that "file names" are just part of a URI, and names don't dictate content (image.png could download a text file, for example, if one wanted to). I only want to confirm that URIs work well in the CACHE MANIFEST section, thanks.
BTW 2: I'm aware that Mozilla states URI for the cache manifest, so as mentioned, I just want to confirm.
https://developer.mozilla.org/en-US/docs/Web/HTML/Using_the_application_cache
You can use a dynamic manifest file which is actually designed to work with MVC. I've not had chance to use it myself but it looks really good!
http://deanhume.com/home/blogpost/mvc-and-the-html5-application-cache/59

How to generate custom URLs with Docpad?

I'm looking to remove redundant directories from my output URLs. This seems like it would be straightforward, but I can't seem to figure it out. Specifically:
This: .com/tmj/recipes/cocktails/rye/toronto.html
Should be more like this: .com/cocktails/rye/toronto.html
I've got a bit of a funny set up using a git submodule that requires the actual src documents to be organized a special way. Anyone know how I can get around this?
I was able to get the URLs I wanted by reworking the src config. This was a bit counter-intuitive to me, but now that I see it working it makes sense. Essentially I told DocPad to ignore the extra directories, and generate the site without them. Here is the code I used, to be placed in the docpad config (docpad.coffee).
documentsPaths: [ # default
'documents/the-mason-jar/recipes', 'pages'
]

How to get the rails.vim-command :Rview working with .js.erb-views?

I want Rview to jump to .js.erb-views as well.
It always says: Can't find file "app/views/examples/foo".
The help says:
rails-template-types
Commands like :Rview use a hardwired list of
extensions (erb, rjs, etc.) when searching for files. In order to
facilitate working with non-standard template types, several popular
extensions are featured in this list, including haml, liquid, and mab
(markaby). These extensions will disappear once a related
configuration option is added to rails.vim.
Since the view ends with .erb, I would suggest it should work.
Any ideas?
This is strange, I just checked in my vim and it works fine. I use Janus, but I think that the standard vim + rails.vim should work well.
Maybe you need to update rails.vim?
And you can tell the sequence of your actions: the current file, typed commands, etc.
