From dff46b260b2f7d765d254c84a4b89105c7de5e97 Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Mon, 19 Aug 2019 20:36:44 +0200
Subject: [PATCH 1/3] Fix ignoring whole status because of one invalid hashtag (#11621)

Fix #11618
---
 app/models/tag.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/models/tag.rb b/app/models/tag.rb
index 5094d973d..945e3a3c6 100644
--- a/app/models/tag.rb
+++ b/app/models/tag.rb
@@ -114,7 +114,7 @@ class Tag < ApplicationRecord
 class << self
 def find_or_create_by_names(name_or_names)
 Array(name_or_names).map(&method(:normalize)).uniq { |str| str.mb_chars.downcase.to_s }.map do |normalized_name|
- tag = matching_name(normalized_name).first || create(name: normalized_name)
+ tag = matching_name(normalized_name).first || create!(name: normalized_name)
 yield tag if block_given?

From 8203e24cf40ac9ffa15f85b791b07e04756051c9 Mon Sep 17 00:00:00 2001
From: ThibG
Date: Mon, 19 Aug 2019 20:36:58 +0200
Subject: [PATCH 2/3] Fix CSP needlessly allowing blob URLs in script-src (#11620)

---
 config/initializers/content_security_policy.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 2dbc15a8d..af7d16aaf 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
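Review bot: In app/models/tag.rb, `create!` now raises from inside the `map` over `Array(name_or_names)`, so when several names are passed the first invalid one aborts the whole call: names after it are never looked up or yielded, while earlier ones have already been yielded to the block. Going by the commit title these names come from incoming statuses, so the raise is reachable with input the server does not control; how callers rescue it is not visible in this hunk. Either document the contract above the method, e.g. `# Raises ActiveRecord::RecordInvalid on the first invalid name; names after it are not processed.`, or rescue per name inside the block if one bad hashtag should not drop the valid ones that follow. The method body continues past the end of the hunk.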
@@ -31,10 +31,12 @@ Rails.application.config.content_security_policy do |p|
 webpacker_urls = %w(ws http).map { |protocol| "#{protocol}#{Webpacker.dev_server.https? ? 's' : ''}://#{Webpacker.dev_server.host_with_port}" }
 p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url, *webpacker_urls
- p.script_src :self, :blob, :unsafe_inline, :unsafe_eval, assets_host
+ p.script_src :self, :unsafe_inline, :unsafe_eval, assets_host
+ p.worker_src :self, :blob, assets_host
 else
 p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url
- p.script_src :self, :blob, assets_host
+ p.script_src :self, assets_host
+ p.worker_src :self, :blob, assets_host
 end
 end

From 97af209c3113926534fe8c5adb7ad51fa4527cbe Mon Sep 17 00:00:00 2001
From: ThibG
Date: Tue, 20 Aug 2019 02:19:01 +0200
Subject: [PATCH 3/3] Revert "Bump react-redux-loading-bar from 4.0.8 to 4.4.0 (#11609)" (#11625)

This reverts commit 2e44b81166cab3511fe505b11b8a90cadd773a05.
---
 package.json | 2 +-
 yarn.lock | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index 8f050d042..ffd6a4a63 100644
--- a/package.json
+++ b/package.json
@@ -135,7 +135,7 @@
 "react-notification": "^6.8.4",
 "react-overlays": "^0.8.3",
 "react-redux": "^7.1.0",
- "react-redux-loading-bar": "^4.4.0",
+ "react-redux-loading-bar": "^4.0.8",
 "react-router-dom": "^4.1.1",
 "react-router-scroll-4": "^1.0.0-beta.1",
 "react-select": "^2.4.4",
diff --git a/yarn.lock b/yarn.lock
index f28698c47..02b0a9336 100644
--- a/yarn.lock
+++ b/yarn.lock
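Review bot: In config/initializers/content_security_policy.rb, both branches move `:blob` from `script_src` to the new `worker_src`, but `worker-src` is a CSP Level 3 directive and browsers that do not implement it check workers against `child-src` instead, falling back to `default-src`. No `child_src` appears in the visible lines, so on those browsers blob-backed workers may be refused after this change; whether a directive outside the hunk already covers that cannot be seen here. Adding `p.child_src :self, :blob, assets_host` beside each `p.worker_src` line would cover them while still keeping `blob:` out of `script-src`. Because `child-src` also governs frames, an explicit `frame_src` should accompany it if blob frames are meant to stay disallowed. The `if` that selects between the two branches starts above the hunk.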
@@ -8523,10 +8523,10 @@ react-overlays@^0.8.3: react-transition-group "^2.2.0" warning "^3.0.0" -react-redux-loading-bar@^4.4.0: - version "4.4.0" - resolved "https://registry.yarnpkg.com/react-redux-loading-bar/-/react-redux-loading-bar-4.4.0.tgz#630f1e3ada7a15d461021d58d8ea935901dba104" - integrity sha512-kcR+wT2eA3+bQD7Gpn7KcHcnANHkayLQGiePEU4JFnLq6sQqjlcE3n8DAUEGjTV+T+Gwlt3rMq/zfImq5yc0PA== +react-redux-loading-bar@^4.0.8: + version "4.0.8" + resolved "https://registry.yarnpkg.com/react-redux-loading-bar/-/react-redux-loading-bar-4.0.8.tgz#e84d59d1517b79f53b0f39c8ddb40682af648c1b" + integrity sha512-BpR1tlYrYKFtGhxa7nAKc0dpcV33ZgXJ/jKNLpDDaxu2/cCxbkWQt9YlWT+VLw1x/7qyNYY4DH48bZdtmciSpg== dependencies: prop-types "^15.6.2" react-lifecycles-compat "^3.0.2"