authorStan Hu <stanhu@gmail.com>2019-09-10 07:01:49 -0700
committerStan Hu <stanhu@gmail.com>2019-09-10 07:01:49 -0700
commit67f91d49a5d765ace2e1673cc6dcc32f61707e22 (patch)
tree99f0d51a60099d66435fad9e976d525e170733f8
parent35d95a313d6746a4a782c0e5c31f44c126a958b6 (diff)
downloadgitlab-ce-ac-fix-graphiql-csp.tar.gz
Update to graphiql-rails v1.7.10ac-fix-graphiql-csp
This fixes the remaining inline JavaScript issues on this page.
-rw-r--r--Gemfile2
-rw-r--r--Gemfile.lock4
-rw-r--r--app/views/graphiql/rails/editors/show.html.erb99
3 files changed, 12 insertions, 93 deletions
diff --git a/Gemfile b/Gemfile
index 911635c5fc5..6344df7b68d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -85,7 +85,7 @@ gem 'rack-cors', '~> 1.0.0', require: 'rack/cors'
# GraphQL API
gem 'graphql', '~> 1.9.11'
# TODO: remove app/views/graphiql/rails/editors/show.html.erb when https://github.com/rmosolgo/graphiql-rails/pull/71 will be released
-gem 'graphiql-rails', '~> 1.4.10'
+gem 'graphiql-rails', '~> 1.7.0'
gem 'apollo_upload_server', '~> 2.0.0.beta3'
gem 'graphql-docs', '~> 1.6.0', group: [:development, :test]
diff --git a/Gemfile.lock b/Gemfile.lock
index 48053e5740e..301b54f9a9f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -398,7 +398,7 @@ GEM
rake (~> 12)
grape_logging (1.7.0)
grape
- graphiql-rails (1.4.10)
+ graphiql-rails (1.7.0)
railties
sprockets-rails
graphql (1.9.11)
@@ -1142,7 +1142,7 @@ DEPENDENCIES
grape-entity (~> 0.7.1)
grape-path-helpers (~> 1.1)
grape_logging (~> 1.7)
- graphiql-rails (~> 1.4.10)
+ graphiql-rails (~> 1.7.0)
graphql (~> 1.9.11)
graphql-docs (~> 1.6.0)
grpc (~> 1.19.0)
diff --git a/app/views/graphiql/rails/editors/show.html.erb b/app/views/graphiql/rails/editors/show.html.erb
index df54b5821ee..abb1ed0e772 100644
--- a/app/views/graphiql/rails/editors/show.html.erb
+++ b/app/views/graphiql/rails/editors/show.html.erb
@@ -1,99 +1,18 @@
<!DOCTYPE html>
<html>
<head>
- <title>GraphiQL</title>
+ <title><%= GraphiQL::Rails.config.title || 'GraphiQL' %></title>
+
<%= stylesheet_link_tag("graphiql/rails/application") %>
- <%# TODO: This file was included to fix a CSP failure. Please remove when https://github.com/rmosolgo/graphiql-rails/pull/71 will be released %>
<%= javascript_include_tag("graphiql/rails/application", nonce: true) %>
</head>
<body>
- <div id="graphiql-container">
- Loading...
- </div>
- <script>
- var parameters = {};
-
- <% if GraphiQL::Rails.config.query_params %>
- // Parse the search string to get url parameters.
- var search = window.location.search;
- search.substr(1).split('&').forEach(function (entry) {
- var eq = entry.indexOf('=');
- if (eq >= 0) {
- parameters[decodeURIComponent(entry.slice(0, eq))] =
- decodeURIComponent(entry.slice(eq + 1));
- }
- });
- // if variables was provided, try to format it.
- if (parameters.variables) {
- try {
- parameters.variables =
- JSON.stringify(JSON.parse(parameters.variables), null, 2);
- } catch (e) {
- // Do nothing, we want to display the invalid JSON as a string, rather
- // than present an error.
- }
- }
- // When the query and variables string is edited, update the URL bar so
- // that it can be easily shared
- function onEditQuery(newQuery) {
- parameters.query = newQuery;
- updateURL();
- }
- function onEditVariables(newVariables) {
- parameters.variables = newVariables;
- updateURL();
- }
- function updateURL() {
- var newSearch = '?' + Object.keys(parameters).map(function (key) {
- return encodeURIComponent(key) + '=' +
- encodeURIComponent(parameters[key]);
- }).join('&');
- history.replaceState(null, null, newSearch);
- }
- <% end %>
-
- // Defines a GraphQL fetcher using the fetch API.
- var graphQLEndpoint = "<%= graphql_endpoint_path %>";
- function graphQLFetcher(graphQLParams) {
- return fetch(graphQLEndpoint, {
- method: 'post',
- headers: <%= raw JSON.pretty_generate(GraphiQL::Rails.config.resolve_headers(self)) %>,
- body: JSON.stringify(graphQLParams),
- credentials: 'include',
- }).then(function(response) {
- return response.text();
- }).then(function(text) {
- try {
- return JSON.parse(text);
- } catch(error) {
- return {
- "message": "The server responded with invalid JSON, this is probably a server-side error",
- "response": text,
- };
- }
- })
- }
-
- <% if GraphiQL::Rails.config.initial_query %>
- var defaultQuery = "<%= GraphiQL::Rails.config.initial_query.gsub("\n", '\n').gsub('"', '\"').html_safe %>";
- <% else %>
- var defaultQuery = undefined
- <% end %>
-
- // Render <GraphiQL /> into the body.
- ReactDOM.render(
- React.createElement(GraphiQL, {
- fetcher: graphQLFetcher,
- defaultQuery: defaultQuery,
- <% if GraphiQL::Rails.config.query_params %>
- query: parameters.query,
- variables: parameters.variables,
- onEditQuery: onEditQuery,
- onEditVariables: onEditVariables
- <% end %>
- }),
- document.getElementById("graphiql-container")
- );
- </script>
+ <%= content_tag :div, 'Loading...', id: 'graphiql-container', data: {
+ graphql_endpoint_path: graphql_endpoint_path,
+ initial_query: GraphiQL::Rails.config.initial_query,
+ logo: GraphiQL::Rails.config.logo,
+ headers: GraphiQL::Rails.config.resolve_headers(self),
+ query_params: GraphiQL::Rails.config.query_params
+ } %>
</body>
</html>
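Review bot: The TODO that explained why this view overrides the gem's template is removed, but the override itself stays, so nothing on the new side says why the file still exists. Judging from the visible lines, it is presumably kept only to pass `nonce: true` to `javascript_include_tag` so the script is accepted by the CSP. A comment such as `<%# Local copy of graphiql-rails' editors/show, kept for nonce: true (CSP); re-sync with the gem's template on every graphiql-rails upgrade %>` would record that. The coupling is worth stating because the `data:` keys on `#graphiql-container` (including the serialized `headers`) presumably have to match what the gem's script reads, and `~> 1.7.0` in the Gemfile allows patch releases that could change them without this copy following. The Gemfile TODO that points at this file is left untouched by the first hunk and should be reworded to match.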