emory-libraries / blacklight-catalog


Check Alma integrations #1304

Closed rotated8 closed 1 year ago

rotated8 commented 1 year ago

Review code for integrations with Alma and ensure they rely on the secrets configuration.

abelemlih commented 1 year ago

@rotated8 The env variables I inspected were:

ALMA
ALMA_API_URL
ALMA_BIB_KEY
ALMA_BASE_URL
ALMA_USER_KEY

I only found one use of the env variable ALMA that did not use the value from the .env file, and rather had the value hard-coded (frame_ancestors value below):

# Path: /Users/abeleml/Desktop/blacklight-catalog/config/initializers/secure_headers.rb
csp_policy = {
  default_src: SecureHeaders::OPT_OUT,
  frame_ancestors: %w['self' https://*.emory.edu https://na03.alma.exlibrisgroup.com],
  script_src: SecureHeaders::OPT_OUT
}

Everywhere else in the code base, we are using the env variables highlighted above. Let me know if there is anything else I need to complete before I can close this ticket.
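
Added example, not part of the comment above or of the project's code: one way to build the `frame_ancestors` list from the `ALMA` variable instead of the hard-coded host. It assumes `ALMA` holds a bare hostname (the thread does not show its format); the helper names `alma_frame_source` and `frame_ancestors` are hypothetical.

```ruby
# Assumption: ALMA holds a bare hostname such as "na03.alma.exlibrisgroup.com".
# Only plain DNS names pass: no scheme, port, path, wildcard, space or ';'.
HOSTNAME = /\A(?=.{1,253}\z)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\z/

# Hypothetical helper: turn the configured Alma host into one CSP source
# expression. A CSP directive is a space-separated list and directives are
# separated by ';', so an unvalidated value could add extra sources or a
# whole extra directive to the header. Fail at boot instead.
def alma_frame_source(env = ENV)
  raw = env['ALMA'].to_s.strip.downcase
  raise ArgumentError, 'ALMA is not set' if raw.empty?
  raise ArgumentError, "ALMA is not a hostname: #{raw.inspect}" unless raw.match?(HOSTNAME)

  "https://#{raw}"
end

# Hypothetical helper: the same three sources as the initializer quoted
# above, with the Alma origin taken from configuration.
def frame_ancestors(env = ENV)
  ["'self'", 'https://*.emory.edu', alma_frame_source(env)]
end

# In config/initializers/secure_headers.rb the hash would then read:
#   csp_policy = {
#     default_src: SecureHeaders::OPT_OUT,
#     frame_ancestors: frame_ancestors,
#     script_src: SecureHeaders::OPT_OUT
#   }

if $PROGRAM_NAME == __FILE__
  # Constructed sample values, not taken from the project's .env file.
  puts frame_ancestors('ALMA' => 'na03.alma.exlibrisgroup.com').join(' ')
  ['', 'https://na03.alma.exlibrisgroup.com', 'a.example https://b.example'].each do |bad|
    begin
      alma_frame_source('ALMA' => bad)
    rescue ArgumentError => e
      puts "rejected: #{e.message}"
    end
  end
end
```

Raising at boot when `ALMA` is missing or malformed keeps a misconfigured deployment from shipping a header that browsers would ignore or interpret more broadly than intended.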

rotated8 commented 1 year ago

Thanks, LGTM.