Merge branch 'main' into sammysteiner/35-add-honeypot-to-forms
SammySteiner authored Jun 28, 2024
2 parents d910d99 + 4220508 commit 439830f
Showing 4 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/ci-app-rails.yml
Expand Up @@ -31,7 +31,7 @@ jobs:
run: |
touch ./app-rails/.env
- run: make lint
- run: make lint-ci

test:
name: Test
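Review bot: the `lint-ci` target that the changed `run:` step now calls is not defined in any of the four files shown in this commit, so confirm that the Makefile on this branch provides it; if it is missing, the lint job fails at this step. It would also help to say in the step (a `name:` or a comment) how `lint-ci` differs from `lint`, since the workflow alone does not show it.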
2 changes: 1 addition & 1 deletion app-rails/config/environments/development.rb
Expand Up @@ -67,7 +67,7 @@
config.assets.quiet = true

# Allow web_console to render when triggered from the rails app running locally in a docker container.
config.web_console.permissions = ["192.168.0.0/16", "172.16.0.0/16", "10.0.0.0/8"]
config.web_console.permissions = [ "192.168.0.0/16", "172.16.0.0/16", "10.0.0.0/8" ]

# Raises error for missing translations.
# config.i18n.raise_on_missing_translations = true
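Review bot: `"172.16.0.0/16"` in `config.web_console.permissions` covers only 172.16.0.0 to 172.16.255.255, while the RFC 1918 private block is 172.16.0.0/12 and Docker's default bridge network is 172.17.0.0/16, so a container on the default bridge does not match this entry and the comment's stated goal is not met there. Because web_console evaluates Ruby inside the app process, prefer replacing the broad ranges with the subnet the local Docker network actually uses over widening the list, and note in the comment that `"192.168.0.0/16"` and `"10.0.0.0/8"` also admit any other host on the developer's network that can reach the dev server.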
2 changes: 1 addition & 1 deletion app-rails/config/environments/production.rb
Expand Up @@ -57,7 +57,7 @@
# Exclude healthcheck endpoint from force SSL since healthchecks should not go through
# the reverse proxy.
# See https://api.rubyonrails.org/classes/ActionDispatch/SSL.html
config.ssl_options = { redirect: { exclude: -> request { /health/.match?(request.path) } } }
config.ssl_options = { redirect: { exclude: ->(request) { /health/.match?(request.path) } } }

# Log to STDOUT by default
config.logger = ActiveSupport::Logger.new(STDOUT)
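Review bot: `/health/.match?(request.path)` in the `exclude:` lambda is unanchored, so every request path that contains the substring `health` anywhere is exempted from the HTTPS redirect, not only the healthcheck endpoint. Anchor the pattern with `\A` and `\z` around the exact healthcheck path, or compare `request.path` to that path with `==`; this also brings the line in step with the regex guidance in docs/app-rails/application-security.md.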
2 changes: 1 addition & 1 deletion docs/app-rails/application-security.md
Expand Up @@ -55,7 +55,7 @@ There is currently no file upload or download functionality at this time, so ple
- [x] Filter log entries so they do not include passwords or secrets
- Note: Log filtering is set in [filter_parameter_logging.rb](app-rails/config/initializers/filter_parameter_logging.rb): `:passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn`.
- [x] Use the correct Ruby REGEX: `\A` and `\z` and not the more common: `/^` and `$/`.
- [ ] Add `multiline: true` to regex `format:` in validations.
- Note: If there is a need to use `/^` and `$/` in the regex, add `multiline: true` to regex `format:` in validations.
- [x] When searching for data belonging to the user, search using Active Record from the user and not from the target data object. ie. Instead of doing: `@task = Task.find(params[:id])`, instead do: `@user.tasks.find(params[:id])`.
- Note: This application is also using [pundit](https://github.com/varvet/pundit) to support resource authorization.
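Review bot: the new note on `multiline: true` should say what the option does: it only tells the Rails `format:` validator to accept a pattern that uses `^` and `$` instead of raising an error, and those anchors still match at every line break, so a value with an embedded newline passes validation if any single line matches. Suggest stating that in the note and asking for a written reason whenever `multiline: true` is used. Separately, `/^` and `$/` in both the checklist item and the note fold the regex delimiters into the anchors and would read more clearly as `^` and `$`.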

