From fce59136bdd718de51ea80b8e68e17dffd47d42f Mon Sep 17 00:00:00 2001 From: Murray Steele Date: Wed, 5 Jul 2017 11:16:43 +0000 Subject: [PATCH 1/2] Add BOM remover gem to fix SRI issues on firefox This injects itself into the rails asset pipeline and makes sure that the CSS we compress with sass does not include a BOM if it is a UTF-8 file. Firefox < 52 has a bug in how it calculates SRI hashes for CSS files with a BOM and this gem mitigates that. --- Gemfile | 1 + Gemfile.lock | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/Gemfile b/Gemfile index 5c93f0b16..4eceb1263 100644 --- a/Gemfile +++ b/Gemfile @@ -26,6 +26,7 @@ gem 'govuk_ab_testing', '~> 2.0' gem 'htmlentities', '4.3.4' gem 'statsd-ruby', '1.3.0', require: 'statsd' gem 'dalli' +gem 'asset_bom_removal-rails', '~> 1.0.0' if ENV['API_DEV'] gem 'gds-api-adapters', path: '../gds-api-adapters' diff --git a/Gemfile.lock b/Gemfile.lock index 7647fd47f..a42d25aa1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -47,6 +47,9 @@ GEM nokogiri (>= 1.3.0) robotex (>= 1.0.0) arel (7.1.1) + asset_bom_removal-rails (1.0.0) + rails (>= 4.2) + sass (> 3.4) ast (2.3.0) better_errors (2.1.1) coderay (>= 1.0.0) @@ -280,6 +283,7 @@ PLATFORMS DEPENDENCIES airbrake (~> 5.5) airbrake-ruby (= 1.5) + asset_bom_removal-rails (~> 1.0.0) better_errors binding_of_caller capybara From 1c5ca3cbc5d0e0d640ea8efc42b1ef4e10f7ee4b Mon Sep 17 00:00:00 2001 From: Elena Tanasoiu Date: Wed, 5 Jul 2017 10:55:40 +0000 Subject: [PATCH 2/2] Add SRI attributes to assets This replicates the work in https://github.com/alphagov/government-frontend/pull/331 that we had to revert because of a bug in Firefox < 52. The gem introduced in the previous commit avoids this bug so we are able to deploy these changes. --- app/views/content_items/html_publication.html.erb | 4 ++-- app/views/layouts/application.html.erb | 4 ++-- app/views/shared/_webchat.html.erb | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) 
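Review bot: The added `gem 'asset_bom_removal-rails', '~> 1.0.0'` line in the Gemfile hunk has no comment recording why it is there, so the reason lives only in the commit message. The gem hooks into the asset pipeline and changes the bytes of compiled CSS, the same bytes the SRI hashes are computed over, so a comment above it would help the next maintainer, e.g. `# Strips the UTF-8 BOM from sass-compressed CSS; Firefox < 52 miscalculates SRI hashes for CSS with a BOM. Remove once those versions are unsupported.` Because it runs at asset-build time, it is worth reading the gem's source once before adopting it, as with any dependency that rewrites shipped assets. In this collapsed rendering the added line is followed directly by `if ENV['API_DEV']`, which presumably opens the next block rather than qualifying this gem; confirm in the file that the gem is loaded unconditionally.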
diff --git a/app/views/content_items/html_publication.html.erb b/app/views/content_items/html_publication.html.erb index bf93dff30..8eafd1e2a 100644 --- a/app/views/content_items/html_publication.html.erb +++ b/app/views/content_items/html_publication.html.erb @@ -1,7 +1,7 @@ <%- if params[:medium] == 'print' %> - <%= stylesheet_link_tag "print.css", :media => "screen" %> + <%= stylesheet_link_tag "print.css", :media => "screen", integrity: true, crossorigin: 'anonymous' %> <%- else %> - <%= stylesheet_link_tag "print.css", :media => "print" %> + <%= stylesheet_link_tag "print.css", :media => "print", integrity: true, crossorigin: 'anonymous' %> <%- end %> <% diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 41c81e922..a9e70658e 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -2,11 +2,11 @@ <%= yield :title %> - GOV.UK - <%= stylesheet_link_tag "application" %> + <%= stylesheet_link_tag "application", integrity: true, crossorigin: 'anonymous' %> - <%= javascript_include_tag "application" %> + <%= javascript_include_tag "application", integrity: true, crossorigin: 'anonymous' %> <%= csrf_meta_tags %> <%= render partial: 'govuk_component/analytics_meta_tags', locals: { content_item: @content_item.content_item } %> <% if @content_item.description %> diff --git a/app/views/shared/_webchat.html.erb b/app/views/shared/_webchat.html.erb index 7c0dfe877..3eb480a45 100644 --- a/app/views/shared/_webchat.html.erb +++ b/app/views/shared/_webchat.html.erb @@ -16,4 +16,4 @@ <% # This is inline in the source however slimmer will optimize this. %> -<%= javascript_include_tag "webchat" %> +<%= javascript_include_tag "webchat", integrity: true, crossorigin: 'anonymous' %>
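Review bot: Nothing in this commit checks that the `integrity` attribute is actually rendered, and with `integrity: true` a failure would be silent. As far as I know, sprockets-rails only emits the hash when it sees the request as local or SSL, and otherwise drops the option without warning. If TLS is terminated in front of the app and the forwarded scheme is not visible to Rails, the two `stylesheet_link_tag "print.css"` calls here, and the tags in `layouts/application.html.erb` and `shared/_webchat.html.erb`, would render with no integrity value at all. A view or integration test asserting that the rendered `<link>` carries an `integrity` attribute would catch that. As a style point, the new lines mix `:media => "screen"` with `integrity: true`; `media: "screen"` would keep the hash syntax consistent.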
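Review bot: Adding `crossorigin: 'anonymous'` to `stylesheet_link_tag "application"` and `javascript_include_tag "application"` makes the browser fetch both in CORS mode. If they are served from a separate asset host, that host must return `Access-Control-Allow-Origin` for these files; without it the browser refuses the resource and the layout loses its CSS and JS. The diff does not show where assets are served from, so this may already be in place, but it is worth confirming for every environment before deploy, given the earlier revert. Any CDN or proxy step that alters the file bytes after precompile would likewise break the hash and block the asset.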
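Review bot: The comment directly above `javascript_include_tag "webchat"` says slimmer will optimize this tag, which suggests the `<script>` element is moved or re-serialised after the partial renders. The hunk does not show whether `integrity` and `crossorigin` survive that step. If slimmer carries over only `src`, the webchat script would load without SRI and nothing would flag it, so check the final page output rather than the partial's output. The comment could record the requirement, e.g. `# Slimmer relocates this tag; it must preserve the integrity and crossorigin attributes.`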