author | Stan Hu <stanhu@gmail.com> | 2019-09-10 07:01:49 -0700 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2019-09-10 07:01:49 -0700 |
commit | 67f91d49a5d765ace2e1673cc6dcc32f61707e22 (patch) | |
tree | 99f0d51a60099d66435fad9e976d525e170733f8 | |
parent | 35d95a313d6746a4a782c0e5c31f44c126a958b6 (diff) | |
download | gitlab-ce-ac-fix-graphiql-csp.tar.gz |
Update to graphiql-rails v1.7.10ac-fix-graphiql-csp
This fixes the remaining inline JavaScript issues on this page.
-rw-r--r-- | Gemfile | 2 | ||||
-rw-r--r-- | Gemfile.lock | 4 | ||||
-rw-r--r-- | app/views/graphiql/rails/editors/show.html.erb | 99 |
3 files changed, 12 insertions, 93 deletions
@@ -85,7 +85,7 @@ gem 'rack-cors', '~> 1.0.0', require: 'rack/cors'
 # GraphQL API
 gem 'graphql', '~> 1.9.11'
 # TODO: remove app/views/graphiql/rails/editors/show.html.erb when https://github.com/rmosolgo/graphiql-rails/pull/71 will be released
-gem 'graphiql-rails', '~> 1.4.10'
+gem 'graphiql-rails', '~> 1.7.0'
 gem 'apollo_upload_server', '~> 2.0.0.beta3'
 gem 'graphql-docs', '~> 1.6.0', group: [:development, :test]
diff --git a/Gemfile.lock b/Gemfile.lock
index 48053e5740e..301b54f9a9f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -398,7 +398,7 @@ GEM
 rake (~> 12)
 grape_logging (1.7.0)
 grape
- graphiql-rails (1.4.10)
+ graphiql-rails (1.7.0)
 railties
 sprockets-rails
 graphql (1.9.11)
@@ -1142,7 +1142,7 @@ DEPENDENCIES
 grape-entity (~> 0.7.1)
 grape-path-helpers (~> 1.1)
 grape_logging (~> 1.7)
- graphiql-rails (~> 1.4.10)
+ graphiql-rails (~> 1.7.0)
 graphql (~> 1.9.11)
 graphql-docs (~> 1.6.0)
 grpc (~> 1.19.0)
diff --git a/app/views/graphiql/rails/editors/show.html.erb b/app/views/graphiql/rails/editors/show.html.erb
index df54b5821ee..abb1ed0e772 100644
--- a/app/views/graphiql/rails/editors/show.html.erb
+++ b/app/views/graphiql/rails/editors/show.html.erb
@@ -1,99 +1,18 @@
 <!DOCTYPE html>
 <html>
 <head>
- <title>GraphiQL</title>
+ <title><%= GraphiQL::Rails.config.title || 'GraphiQL' %></title>
+ <%= stylesheet_link_tag("graphiql/rails/application") %>
- <%# TODO: This file was included to fix a CSP failure. Please remove when https://github.com/rmosolgo/graphiql-rails/pull/71 will be released %>
 <%= javascript_include_tag("graphiql/rails/application", nonce: true) %>
 </head>
 <body>
- <div id="graphiql-container">
- Loading...
- </div>
- <script>
- var parameters = {};
-
- <% if GraphiQL::Rails.config.query_params %>
- // Parse the search string to get url parameters.
- var search = window.location.search;
- search.substr(1).split('&').forEach(function (entry) {
- var eq = entry.indexOf('=');
- if (eq >= 0) {
- parameters[decodeURIComponent(entry.slice(0, eq))] =
- decodeURIComponent(entry.slice(eq + 1));
- }
- });
- // if variables was provided, try to format it.
- if (parameters.variables) {
- try {
- parameters.variables =
- JSON.stringify(JSON.parse(parameters.variables), null, 2);
- } catch (e) {
- // Do nothing, we want to display the invalid JSON as a string, rather
- // than present an error.
- }
- }
- // When the query and variables string is edited, update the URL bar so
- // that it can be easily shared
- function onEditQuery(newQuery) {
- parameters.query = newQuery;
- updateURL();
- }
- function onEditVariables(newVariables) {
- parameters.variables = newVariables;
- updateURL();
- }
- function updateURL() {
- var newSearch = '?' + Object.keys(parameters).map(function (key) {
- return encodeURIComponent(key) + '=' +
- encodeURIComponent(parameters[key]);
- }).join('&');
- history.replaceState(null, null, newSearch);
- }
- <% end %>
-
- // Defines a GraphQL fetcher using the fetch API.
- var graphQLEndpoint = "<%= graphql_endpoint_path %>";
- function graphQLFetcher(graphQLParams) {
- return fetch(graphQLEndpoint, {
- method: 'post',
- headers: <%= raw JSON.pretty_generate(GraphiQL::Rails.config.resolve_headers(self)) %>,
- body: JSON.stringify(graphQLParams),
- credentials: 'include',
- }).then(function(response) {
- return response.text();
- }).then(function(text) {
- try {
- return JSON.parse(text);
- } catch(error) {
- return {
- "message": "The server responded with invalid JSON, this is probably a server-side error",
- "response": text,
- };
- }
- })
- }
-
- <% if GraphiQL::Rails.config.initial_query %>
- var defaultQuery = "<%= GraphiQL::Rails.config.initial_query.gsub("\n", '\n').gsub('"', '\"').html_safe %>";
- <% else %>
- var defaultQuery = undefined
- <% end %>
-
- // Render <GraphiQL /> into the body.
- ReactDOM.render(
- React.createElement(GraphiQL, {
- fetcher: graphQLFetcher,
- defaultQuery: defaultQuery,
- <% if GraphiQL::Rails.config.query_params %>
- query: parameters.query,
- variables: parameters.variables,
- onEditQuery: onEditQuery,
- onEditVariables: onEditVariables
- <% end %>
- }),
- document.getElementById("graphiql-container")
- );
- </script>
+ <%= content_tag :div, 'Loading...', id: 'graphiql-container', data: {
+ graphql_endpoint_path: graphql_endpoint_path,
+ initial_query: GraphiQL::Rails.config.initial_query,
+ logo: GraphiQL::Rails.config.logo,
+ headers: GraphiQL::Rails.config.resolve_headers(self),
+ query_params: GraphiQL::Rails.config.query_params
+ } %>
 </body>
 </html> |
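Review bot: The rewritten view drops the `<%# TODO … %>` line in `<head>` without replacing it, so nothing in the file now says why the application still overrides the gem's own `show.html.erb`; from the visible lines the override presumably remains only to pass `nonce: true` to `javascript_include_tag` so the script is accepted under a nonce-based Content-Security-Policy. I would add a comment above that tag such as `<%# Local copy of the graphiql-rails 1.7.0 editor view, kept for nonce: true (CSP). Re-sync with the gem on every graphiql-rails update. %>`. This matters because the `data:` keys on `#graphiql-container` are presumably read by the gem's bundled JavaScript, and `~> 1.7.0` still admits patch releases that can change that script while this copy stays fixed. The TODO kept as context in the Gemfile hunk still points at this file and at pull/71, and should be reworded to match.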