Merge branch 'issue_31747' into 'master'

Remove show.html.erb as Rails 5 now supports nonce-based CSP headers See merge request gitlab-org/gitlab!75998

Merge branch 'issue_31747' into 'master'
Remove show.html.erb as Rails 5 now supports nonce-based CSP headers See merge request gitlab-org/gitlab!75998
66b218d2 · Stan Hu · ff53a49b · 2eb42bde · 66b218d2 · 66b218d2
Commit 66b218d2 authored Jan 13, 2022 by Stan Hu
4 changed files
--- a/Gemfile
+++ b/Gemfile
@@ -98,10 +98,7 @@ gem 'rack-cors', '~> 1.0.6', require: 'rack/cors'

 # GraphQL API
 gem 'graphql', '~> 1.11.10'
-# NOTE: graphiql-rails v1.5+ doesn't work: https://gitlab.com/gitlab-org/gitlab/issues/31771
-# TODO: remove app/views/graphiql/rails/editors/show.html.erb when https://github.com/rmosolgo/graphiql-rails/pull/71 is released:
-# https://gitlab.com/gitlab-org/gitlab/issues/31747
-gem 'graphiql-rails', '~> 1.4.10'
+gem 'graphiql-rails', '~> 1.8'
 gem 'apollo_upload_server', '~> 2.1.0'
 gem 'graphql-docs', '~> 1.6.0', group: [:development, :test]
 gem 'graphlient', '~> 0.4.0' # Used by BulkImport feature (group::import)

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -561,7 +561,7 @@ GEM
    grape_logging (1.8.3)
      grape
      rack
-    graphiql-rails (1.4.10)
+    graphiql-rails (1.8.0)
      railties
      sprockets-rails
    graphlient (0.4.0)
@@ -1498,7 +1498,7 @@ DEPENDENCIES
  grape-entity (~> 0.10.0)
  grape-path-helpers (~> 1.7.0)
  grape_logging (~> 1.7)
-  graphiql-rails (~> 1.4.10)
+  graphiql-rails (~> 1.8)
  graphlient (~> 0.4.0)
  graphql (~> 1.11.10)
  graphql-docs (~> 1.6.0)

--- a/app/views/graphiql/rails/editors/show.html.erb
+++ b/app/views/graphiql/rails/editors/show.html.erb
-<!DOCTYPE html>
-<html>
-  <head>
-    <title>GraphiQL</title>
-    <%= stylesheet_link_tag("graphiql/rails/application") %>
-    <%# TODO: This file was included to fix a CSP failure. Please remove when https://github.com/rmosolgo/graphiql-rails/pull/71 will be released %>
-    <%= javascript_include_tag("graphiql/rails/application", nonce: true) %>
-  </head>
-  <body>
-    <div id="graphiql-container">
-      Loading...
-    </div>
-    <%= javascript_tag nonce: true do -%>
-    var parameters = {};
-
-    <% if GraphiQL::Rails.config.query_params %>
-    // Parse the search string to get url parameters.
-    var search = window.location.search;
-    search.substr(1).split('&').forEach(function (entry) {
-     var eq = entry.indexOf('=');
-     if (eq >= 0) {
-       parameters[decodeURIComponent(entry.slice(0, eq))] =
-         decodeURIComponent(entry.slice(eq + 1));
-     }
-    });
-    // if variables was provided, try to format it.
-    if (parameters.variables) {
-     try {
-       parameters.variables =
-         JSON.stringify(JSON.parse(parameters.variables), null, 2);
-     } catch (e) {
-       // Do nothing, we want to display the invalid JSON as a string, rather
-       // than present an error.
-     }
-    }
-    // When the query and variables string is edited, update the URL bar so
-    // that it can be easily shared
-    function onEditQuery(newQuery) {
-     parameters.query = newQuery;
-     updateURL();
-    }
-    function onEditVariables(newVariables) {
-     parameters.variables = newVariables;
-     updateURL();
-    }
-    function updateURL() {
-     var newSearch = '?' + Object.keys(parameters).map(function (key) {
-       return encodeURIComponent(key) + '=' +
-         encodeURIComponent(parameters[key]);
-     }).join('&');
-     history.replaceState(null, null, newSearch);
-    }
-    <% end %>
-
-    // Defines a GraphQL fetcher using the fetch API.
-    var graphQLEndpoint = "<%= graphql_endpoint_path %>";
-    function graphQLFetcher(graphQLParams) {
-      return fetch(graphQLEndpoint, {
-        method: 'post',
-        headers: <%= raw JSON.pretty_generate(GraphiQL::Rails.config.resolve_headers(self)) %>,
-        body: JSON.stringify(graphQLParams),
-        credentials: 'include',
-      }).then(function(response) {
-        return response.text();
-      }).then(function(text) {
-        try {
-            return JSON.parse(text);
-        } catch(error) {
-            return {
-              "message": "The server responded with invalid JSON, this is probably a server-side error",
-              "response": text,
-            };
-        }
-      })
-    }
-
-    <% if GraphiQL::Rails.config.initial_query %>
-    var defaultQuery = "<%= GraphiQL::Rails.config.initial_query.gsub("\n", '\n').gsub('"', '\"').html_safe %>";
-    <% else %>
-    var defaultQuery = undefined
-    <% end %>
-
-    // Render <GraphiQL /> into the body.
-    ReactDOM.render(
-      React.createElement(GraphiQL, {
-        fetcher: graphQLFetcher,
-        defaultQuery: defaultQuery,
-        <% if GraphiQL::Rails.config.query_params %>
-        query: parameters.query,
-        variables: parameters.variables,
-        onEditQuery: onEditQuery,
-        onEditVariables: onEditVariables
-        <% end %>
-      }),
-      document.getElementById("graphiql-container")
-    );
-    <% end -%>
-  </body>
-</html>
--- a/spec/features/graphiql_spec.rb
+++ b/spec/features/graphiql_spec.rb
@@ -9,7 +9,7 @@ RSpec.describe 'GraphiQL' do
    end

    it 'has the correct graphQLEndpoint' do
-      expect(page.body).to include('var graphQLEndpoint = "/api/graphql";')
+      expect(page.body).to include('<div id="graphiql-container" data-graphql-endpoint-path="/api/graphql"')
    end
  end

@@ -26,7 +26,7 @@ RSpec.describe 'GraphiQL' do
    end

    it 'has the correct graphQLEndpoint' do
-      expect(page.body).to include('var graphQLEndpoint = "/gitlab/root/api/graphql";')
+      expect(page.body).to include('<div id="graphiql-container" data-graphql-endpoint-path="/gitlab/root/api/graphql"')
    end
  end
 end