Commit d198363c authored by Mayra Cabrera's avatar Mayra Cabrera

Merge branch 'ac-fix-graphiql-csp' into 'master'

Fix graphql-explorer CSP violation

See merge request gitlab-org/gitlab-ce!32882
parents d20ce7de ce201834
......@@ -84,7 +84,9 @@ gem 'rack-cors', '~> 1.0.0', require: 'rack/cors'
# GraphQL API
gem 'graphql', '~> 1.9.11'
gem 'graphiql-rails', '~> 1.4.10'
# TODO: remove app/views/graphiql/rails/editors/show.html.erb when https://github.com/rmosolgo/graphiql-rails/pull/71 will be released
# https://gitlab.com/gitlab-org/gitlab-ce/issues/67263
gem 'graphiql-rails', '~> 1.7.0'
gem 'apollo_upload_server', '~> 2.0.0.beta3'
gem 'graphql-docs', '~> 1.6.0', group: [:development, :test]
......
......@@ -398,7 +398,7 @@ GEM
rake (~> 12)
grape_logging (1.7.0)
grape
graphiql-rails (1.4.10)
graphiql-rails (1.7.0)
railties
sprockets-rails
graphql (1.9.11)
......@@ -1142,7 +1142,7 @@ DEPENDENCIES
grape-entity (~> 0.7.1)
grape-path-helpers (~> 1.1)
grape_logging (~> 1.7)
graphiql-rails (~> 1.4.10)
graphiql-rails (~> 1.7.0)
graphql (~> 1.9.11)
graphql-docs (~> 1.6.0)
grpc (~> 1.19.0)
......
<!DOCTYPE html>
<html>
<head>
<title><%= GraphiQL::Rails.config.title || 'GraphiQL' %></title>
<%= stylesheet_link_tag("graphiql/rails/application") %>
<%= javascript_include_tag("graphiql/rails/application", nonce: true) %>
</head>
<body>
<%= content_tag :div, 'Loading...', id: 'graphiql-container', data: {
graphql_endpoint_path: graphql_endpoint_path,
initial_query: GraphiQL::Rails.config.initial_query,
logo: GraphiQL::Rails.config.logo,
headers: GraphiQL::Rails.config.resolve_headers(self),
query_params: GraphiQL::Rails.config.query_params
} %>
</body>
</html>
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment