Remove font awesome gem and allow inline (#1465)

* Remove font awesome gem and allow inline * cover style src elements as well * rubocop
yalelibrary · Dec 6, 2024 · 9028e4e · 9028e4e
1 parent 87409e1
commit 9028e4e
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 27 deletions.
diff --git a/Gemfile b/Gemfile
@@ -12,7 +12,6 @@ gem 'bootsnap', '>= 1.4.2', require: false
 gem 'bootstrap', '~> 4.6'
 gem 'coderay', '~> 1.1', '>= 1.1.3'
 gem 'devise'
-gem 'font-awesome-rails', '~> 4.7', '>= 4.7.0.8'
 gem 'github_changelog_generator'
 gem 'good_job', '~> 3.17'
 gem 'honeybadger', '~> 4.0'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -194,8 +194,6 @@ GEM
       rake
     fiber-annotation (0.2.0)
     fiber-local (1.0.0)
-    font-awesome-rails (4.7.0.9)
-      railties (>= 3.2, < 9.0)
     fugit (1.11.1)
       et-orbi (~> 1, >= 1.2.11)
       raabro (~> 1.4)
@@ -533,7 +531,6 @@ DEPENDENCIES
   devise
   factory_bot_rails
   ffaker
-  font-awesome-rails (~> 4.7, >= 4.7.0.8)
   github_changelog_generator
   good_job (~> 3.17)
   honeybadger (~> 4.0)

diff --git a/app/assets/stylesheets/application.scss b/app/assets/stylesheets/application.scss
@@ -18,7 +18,6 @@
 // @import 'theme/*';
 
 @import 'theme/typography';
-@import "font-awesome";
 
 .main-content{
   min-height: 90vh;

diff --git a/app/javascript/packs/application.js b/app/javascript/packs/application.js
@@ -21,6 +21,8 @@ require("datatables.net-buttons-bs4/css/buttons.bootstrap4.min.css")
 require("datatables.net-select-bs4/css/select.bootstrap4.min.css")
 require("datatables.net-responsive-bs4/css/responsive.bootstrap4.min.css")
 
+import "@fortawesome/fontawesome-free/js/all.js";
+
 //= require jquery3
 //= require popper
 //= require bootstrap-sprockets

diff --git a/app/views/layouts/_header.html.erb b/app/views/layouts/_header.html.erb
@@ -4,7 +4,7 @@
       <h1> Yale University Library </h1>
     </div>
     <div class="sub_yale_management_banner">
-      <a target="_blank" rel="noopener" href="https://docs.google.com/document/d/1hTc108JDYLYcXy-TG_KJE4A626-ps59XhkKUFGlnaPQ/edit?usp=sharing">User Guide <i class="fa fa-link"></i></a>
+      <a target="_blank" rel="noopener" href="https://docs.google.com/document/d/1hTc108JDYLYcXy-TG_KJE4A626-ps59XhkKUFGlnaPQ/edit?usp=sharing">User Guide <em class="fa fa-external-link-alt"></em></a>
       <h2>Digital Library Management Portal</h2>
     </div>
   </div>

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
@@ -4,29 +4,30 @@
 # Define an application-wide content security policy.
 # See the Securing Rails Applications Guide for more information:
 # https://guides.rubyonrails.org/security.html#content-security-policy-header
-if ENV["RAILS_ENV"] == 'production' || ENV["RAILS_ENV"] == 'staging'
-  Rails.application.configure do
-    config.content_security_policy do |policy|
-      policy.default_src :self, :https
-      policy.font_src    :self, 'static.library.yale.edu'
-      policy.img_src     :self, :https, :data
-      policy.object_src  :none
-      policy.script_src  :self, 'siteimproveanalytics.com'
-      policy.style_src   :self
-      policy.connect_src :self
-      # Specify URI for violation reports
-      unless ENV['CLUSTER_NAME'] == 'local'
-        policy.report_uri lambda {
-                            "https://api.honeybadger.io/v1/browser/csp?api_key=#{ENV['HONEYBADGER_API_KEY_MANAGEMENT']}&report_only=true&env=#{ENV['CLUSTER_NAME']}"
-                          }
-      end
+# if ENV["RAILS_ENV"] == 'production' || ENV["RAILS_ENV"] == 'staging'
+Rails.application.configure do
+  config.content_security_policy do |policy|
+    policy.default_src :self, :https
+    policy.font_src    :self, 'static.library.yale.edu'
+    policy.img_src     :self, :https, :data
+    policy.object_src  :none
+    policy.script_src  :self, :unsafe_inline, 'siteimproveanalytics.com'
+    policy.style_src   :self, :unsafe_inline
+    policy.style_src_elem :self, :unsafe_inline
+    policy.connect_src :self
+    # Specify URI for violation reports
+    unless ENV['CLUSTER_NAME'] == 'local'
+      policy.report_uri lambda {
+                          "https://api.honeybadger.io/v1/browser/csp?api_key=#{ENV['HONEYBADGER_API_KEY_MANAGEMENT']}&report_only=true&env=#{ENV['CLUSTER_NAME']}"
+                        }
     end
+  end
 
-    config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
+  config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
 
-    config.content_security_policy_nonce_directives = %w[script-src style-src]
+  # config.content_security_policy_nonce_directives = %w[script-src style-src]
 
-    # Report violations without enforcing the policy.
-    # config.content_security_policy_report_only = true
-  end
+  # Report violations without enforcing the policy.
+  # config.content_security_policy_report_only = true
 end
+# end