From 9028e4ec4014bf4d0d71fe57a3a65ff2d68b7c37 Mon Sep 17 00:00:00 2001 From: Kait Sewell <36549923+K8Sewell@users.noreply.github.com> Date: Fri, 6 Dec 2024 12:22:41 -0600 Subject: [PATCH] Remove font awesome gem and allow inline (#1465) * Remove font awesome gem and allow inline * cover style src elements as well * rubocop --- Gemfile | 1 - Gemfile.lock | 3 -- app/assets/stylesheets/application.scss | 1 - app/javascript/packs/application.js | 2 + app/views/layouts/_header.html.erb | 2 +- .../initializers/content_security_policy.rb | 43 ++++++++++--------- 6 files changed, 25 insertions(+), 27 deletions(-) diff --git a/Gemfile b/Gemfile index 09e823d3b..713dd6097 100644 --- a/Gemfile +++ b/Gemfile @@ -12,7 +12,6 @@ gem 'bootsnap', '>= 1.4.2', require: false gem 'bootstrap', '~> 4.6' gem 'coderay', '~> 1.1', '>= 1.1.3' gem 'devise' -gem 'font-awesome-rails', '~> 4.7', '>= 4.7.0.8' gem 'github_changelog_generator' gem 'good_job', '~> 3.17' gem 'honeybadger', '~> 4.0' diff --git a/Gemfile.lock b/Gemfile.lock index e1f83cc88..e4a4e32e4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -194,8 +194,6 @@ GEM rake fiber-annotation (0.2.0) fiber-local (1.0.0) - font-awesome-rails (4.7.0.9) - railties (>= 3.2, < 9.0) fugit (1.11.1) et-orbi (~> 1, >= 1.2.11) raabro (~> 1.4) @@ -533,7 +531,6 @@ DEPENDENCIES devise factory_bot_rails ffaker - font-awesome-rails (~> 4.7, >= 4.7.0.8) github_changelog_generator good_job (~> 3.17) honeybadger (~> 4.0) diff --git a/app/assets/stylesheets/application.scss b/app/assets/stylesheets/application.scss index 12b83bfc6..98371e889 100644 --- a/app/assets/stylesheets/application.scss +++ b/app/assets/stylesheets/application.scss @@ -18,7 +18,6 @@ // @import 'theme/*'; @import 'theme/typography'; -@import "font-awesome"; .main-content{ min-height: 90vh; diff --git a/app/javascript/packs/application.js b/app/javascript/packs/application.js index e2d8f837f..aa4c2f9a6 100644 --- a/app/javascript/packs/application.js 
+++ b/app/javascript/packs/application.js @@ -21,6 +21,8 @@ require("datatables.net-buttons-bs4/css/buttons.bootstrap4.min.css") require("datatables.net-select-bs4/css/select.bootstrap4.min.css") require("datatables.net-responsive-bs4/css/responsive.bootstrap4.min.css") +import "@fortawesome/fontawesome-free/js/all.js"; + //= require jquery3 //= require popper //= require bootstrap-sprockets diff --git a/app/views/layouts/_header.html.erb b/app/views/layouts/_header.html.erb index 9b2290a82..0c6c27ac1 100644 --- a/app/views/layouts/_header.html.erb +++ b/app/views/layouts/_header.html.erb @@ -4,7 +4,7 @@
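Review bot: The new `import "@fortawesome/fontawesome-free/js/all.js"` needs the `@fortawesome/fontawesome-free` npm package, and the diffstat lists no package.json or yarn.lock change in this commit, so unless the package was already declared the asset build will fail on a clean checkout; if it was not, it should be added and pinned in the same commit that removes the gem. Choosing the SVG/JS build (`js/all.js`) rather than the CSS build is, as far as I can tell, what drives the `style_src_elem :self, :unsafe_inline` relaxation in content_security_policy.rb, because that build injects its own `<style>` element at runtime; importing `@fortawesome/fontawesome-free/css/all.css` instead would serve the webfonts from self and need no inline-style allowance. Mixing an ES `import` with the surrounding `require(...)` calls may also change evaluation order under the bundler (imports are hoisted), which is worth a one-line comment if the textual order here is intentional.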

Yale University Library

- User Guide + User Guide

Digital Library Management Portal

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index 464f91c5c..b790719a1 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb 
@@ -4,29 +4,30 @@
 # Define an application-wide content security policy.
 # See the Securing Rails Applications Guide for more information:
 # https://guides.rubyonrails.org/security.html#content-security-policy-header
-if ENV["RAILS_ENV"] == 'production' || ENV["RAILS_ENV"] == 'staging'
- Rails.application.configure do
- config.content_security_policy do |policy|
- policy.default_src :self, :https
- policy.font_src :self, 'static.library.yale.edu'
- policy.img_src :self, :https, :data
- policy.object_src :none
- policy.script_src :self, 'siteimproveanalytics.com'
- policy.style_src :self
- policy.connect_src :self
- # Specify URI for violation reports
- unless ENV['CLUSTER_NAME'] == 'local'
- policy.report_uri lambda {
- "https://api.honeybadger.io/v1/browser/csp?api_key=#{ENV['HONEYBADGER_API_KEY_MANAGEMENT']}&report_only=true&env=#{ENV['CLUSTER_NAME']}"
- }
- end
+# if ENV["RAILS_ENV"] == 'production' || ENV["RAILS_ENV"] == 'staging'
+Rails.application.configure do
+ config.content_security_policy do |policy|
+ policy.default_src :self, :https
+ policy.font_src :self, 'static.library.yale.edu'
+ policy.img_src :self, :https, :data
+ policy.object_src :none
+ policy.script_src :self, :unsafe_inline, 'siteimproveanalytics.com'
+ policy.style_src :self, :unsafe_inline
+ policy.style_src_elem :self, :unsafe_inline
+ policy.connect_src :self
+ # Specify URI for violation reports
+ unless ENV['CLUSTER_NAME'] == 'local'
+ policy.report_uri lambda {
+ "https://api.honeybadger.io/v1/browser/csp?api_key=#{ENV['HONEYBADGER_API_KEY_MANAGEMENT']}&report_only=true&env=#{ENV['CLUSTER_NAME']}"
+ }
 end
+ end
- config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
+ config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
- config.content_security_policy_nonce_directives = %w[script-src style-src]
+ # config.content_security_policy_nonce_directives = %w[script-src style-src]
- # Report violations without enforcing the policy.
- # config.content_security_policy_report_only = true
- end
+ # Report violations without enforcing the policy.
+ # config.content_security_policy_report_only = true
 end
+# end
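Review bot: `policy.script_src :self, :unsafe_inline, 'siteimproveanalytics.com'` gives up the XSS mitigation this policy exists for, and nothing in the commit shows an inline script that needs it — as far as I know the Font Awesome JS build only injects a `<style>` element, which the new `style_src_elem` line should already cover. Because `config.content_security_policy_nonce_generator` is still set, Rails (as far as I recall) keeps attaching a nonce to script-src and style-src whether or not `content_security_policy_nonce_directives` is commented out, and browsers ignore `'unsafe-inline'` in a directive that carries a nonce, so the additions to `script_src` and `style_src` are either ineffective today or a silent loss of protection the day the nonce generator is removed. I would revert the two lines to `policy.script_src :self, 'siteimproveanalytics.com'` and `policy.style_src :self`, keep `:unsafe_inline` on `style_src_elem` only while the injected styles cannot be nonced, and delete the commented-out `# if ENV[...]` / `# end` guard rather than leaving it as dead code (applying the policy in development and test is a good change and needs no comment trail). It is also worth checking that `ENV['CLUSTER_NAME']` is set in those environments, since an unset value is not `'local'` and the report_uri is then built with an empty `api_key`. The nonce value `request.session.id.to_s` predates this change, but it is constant for the whole session; a per-request `SecureRandom.base64(16)` is the value the Rails security guide recommends.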