Diffstat (limited to 'config/initializers')
-rw-r--r--config/initializers/alaveteli.rb7
-rw-r--r--config/initializers/health_checks.rb23
-rw-r--r--config/initializers/secure_headers.rb24
3 files changed, 52 insertions, 2 deletions
diff --git a/config/initializers/alaveteli.rb b/config/initializers/alaveteli.rb
index 9ea6428ba..2ca85579a 100644
--- a/config/initializers/alaveteli.rb
+++ b/config/initializers/alaveteli.rb
@@ -10,7 +10,7 @@ load "debug_helpers.rb"
load "util.rb"
# Application version
-ALAVETELI_VERSION = '0.19'
+ALAVETELI_VERSION = '0.20.0.0'
# Add new inflection rules using the following format
# (all these examples are active by default):
@@ -44,7 +44,6 @@ require 'world_foi_websites.rb'
require 'alaveteli_external_command.rb'
require 'quiet_opener.rb'
require 'mail_handler'
-require 'public_body_categories'
require 'ability'
require 'normalize_string'
require 'alaveteli_file_types'
@@ -54,6 +53,9 @@ require 'theme'
require 'xapian_queries'
require 'date_quarter'
require 'public_body_csv'
+require 'category_and_heading_migrator'
+require 'public_body_categories'
+require 'routing_filters'
AlaveteliLocalization.set_locales(AlaveteliConfiguration::available_locales,
AlaveteliConfiguration::default_locale)
@@ -62,3 +64,4 @@ AlaveteliLocalization.set_locales(AlaveteliConfiguration::available_locales,
if Rails.env == 'test' and ActiveRecord::Base.configurations['test']['constraint_disabling'] == false
require 'no_constraint_disabling'
end
+
diff --git a/config/initializers/health_checks.rb b/config/initializers/health_checks.rb
new file mode 100644
index 000000000..7fd1d3dda
--- /dev/null
+++ b/config/initializers/health_checks.rb
@@ -0,0 +1,23 @@
+Rails.application.config.after_initialize do
+ user_last_created = HealthChecks::Checks::DaysAgoCheck.new(
+ :failure_message => _('The last user was created over a day ago'),
+ :success_message => _('The last user was created in the last day')) do
+ User.last.created_at
+ end
+
+ incoming_message_last_created = HealthChecks::Checks::DaysAgoCheck.new(
+ :failure_message => _('The last incoming message was created over a day ago'),
+ :success_message => _('The last incoming message was created in the last day')) do
+ IncomingMessage.last.created_at
+ end
+
+ outgoing_message_last_created = HealthChecks::Checks::DaysAgoCheck.new(
+ :failure_message => _('The last outgoing message was created over a day ago'),
+ :success_message => _('The last outgoing message was created in the last day')) do
+ OutgoingMessage.last.created_at
+ end
+
+ HealthChecks.add user_last_created
+ HealthChecks.add incoming_message_last_created
+ HealthChecks.add outgoing_message_last_created
+end
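Review bot: Each check block calls `.created_at` directly on the result of `.last` (`User.last.created_at`, and likewise for `IncomingMessage` and `OutgoingMessage`), and `.last` returns nil on an empty table, so on a fresh install the block raises NoMethodError rather than reporting a failed check. Whether `DaysAgoCheck` rescues errors from its block is not visible in this diff; if it does not, the health check page would error out instead of showing the failure message. A nil-safe form such as `User.maximum(:created_at)` avoids the exception, provided `DaysAgoCheck` treats a nil timestamp as a failure, which needs confirming against its implementation.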
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
new file mode 100644
index 000000000..99730e6b2
--- /dev/null
+++ b/config/initializers/secure_headers.rb
@@ -0,0 +1,24 @@
+::SecureHeaders::Configuration.configure do |config|
+
+ # https://tools.ietf.org/html/rfc6797
+ if AlaveteliConfiguration::force_ssl
+ config.hsts = { :max_age => 20.years.to_i, :include_subdomains => true }
+ else
+ config.hsts = false
+ end
+ # https://tools.ietf.org/html/draft-ietf-websec-x-frame-options-02
+ config.x_frame_options = "sameorigin"
+
+ # http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
+ config.x_content_type_options = "nosniff"
+
+ # http://msdn.microsoft.com/en-us/library/dd565647%28v=vs.85%29.aspx
+ config.x_xss_protection = { :value => 1 }
+
+ # https://w3c.github.io/webappsec/specs/content-security-policy/
+ config.csp = false
+
+ # https://www.nwebsec.com/HttpHeaders/SecurityHeaders/XDownloadOptions
+ config.x_download_options = false
+end
+
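Review bot: The HSTS branch sets `:max_age => 20.years.to_i` together with `:include_subdomains => true` whenever `force_ssl` is on, which pins every subdomain of the site's host to HTTPS in any browser that has seen the header, and with a lifetime that long a mistake cannot be withdrawn quickly. Because `force_ssl` is a per-install setting, a comment above the branch should spell this out, e.g. `# NOTE: applies to all subdomains for 20 years; only enable force_ssl if every subdomain serves valid HTTPS`. Separately, `config.csp = false` switches Content-Security-Policy off with only a spec link beside it; a line such as `# TODO: CSP disabled; add a policy (report-only first)` would record it as a known gap rather than leaving the reader to guess.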