v2.9 - Update importing fonts.googleapis.com to use SSL #4219
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jarednorman
approved these changes
Dec 1, 2021
|
Not sure, but could it be related to #4048? |
|
That was my suspicion. |
Noah-Silvera
force-pushed
the
v2.9-fix-frontend-scss-font-url-import
branch
from
27895db to
d24134c
Compare
|
I think that is the problem. I ported over the relevant commit from that PR, and we'll see if the tests pass. |
Noah-Silvera
force-pushed
the
v2.9-fix-frontend-scss-font-url-import
branch
from
d24134c to
d07f5c2
Compare
|
Just fixed an inaccurate message in the first commit that referenced the wrong rails version. These tests are breaking because rails 5.2.6 introduced the security patch, not rails 6.0.3.7, like the commit originally said. |
tvdeyen
approved these changes
Apr 20, 2022
waiting-for-dev
force-pushed
the
v2.9-fix-frontend-scss-font-url-import
branch
from
d07f5c2 to
fdc732d
Compare
On 23/11/2021, google started to require ssl to access `//fonts.googleapis.com/css`, causing the import in the solidus frontend stylesheet to fail in CI. This breaks solidus and tests that run against the solidus_frontend. We can resolve this by explicitly using the https protocol. Error example: app.circleci.com/pipelines/github/solidusio/solidus/2791/workflows/e62ff646-9ae6-4e65-b20f-e1f7a109d3a1/jobs/26572 Blocking of this URL in testing_support was updated to bring it inline with how url's are blacklisted in future solidus versions. Even though solidus 2.9 is at end of life, some solidus extensions still test and maintain support against this version of solidus, such as SuperGoodSoft/solidus_taxjar. Co-authored-by: Ryan Woods <[email protected]>
Rails 5.2.6 introduced a security fix, that forces us to use symbols in polymorphic paths. Port of this original commit: solidusio@bc06da5 Co-authored-by: Thomas von Deyen <[email protected]>
waiting-for-dev
force-pushed
the
v2.9-fix-frontend-scss-font-url-import
branch
from
fdc732d to
c459403
Compare
|
I tried to re-run CI, but, for some reason, it fails to clone a repository:
Does anybody have a clue about the reason? |
|
Closing it. CI is mysteriously failing, and v2.9 is not supported anyway. If someone needs it and has the time to look into it, for me, it's not an issue to reopen and merge it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
On 23/11/2021, google started to require ssl to access
//fonts.googleapis.com/css, causing the import in the solidus frontend stylesheet to fail in CI. This breaks solidus and tests that run against the solidus_frontend. We can resolve this by explicitly using the https protocol.Error example:
https://app.circleci.com/pipelines/github/solidusio/solidus/2791/workflows/e62ff646-9ae6-4e65-b20f-e1f7a109d3a1/jobs/26572
Blocking of this URL in testing_support was updated to bring it inline
with how url's are blacklisted in future solidus versions.
Even though solidus 2.9 is at end of life, some solidus extensions still test and maintain support against this version of solidus, such as SuperGoodSoft/solidus_taxjar, so it's important to continue to enable that testing.
This PR was based off the three PRs that cover actively maintained solidus versions created by @RyanofWoods
Checklist: