Closed rotated8 closed 1 year ago
@rotated8 The env variables I inspected were:
ALMA
ALMA_API_URL
ALMA_BIB_KEY
ALMA_BASE_URL
ALMA_USER_KEY
I only found one use of the env variable ALMA that did not use the value from the .env file, and rather had the value hard-coded (frame_ancestors value below):
# Path: /Users/abeleml/Desktop/blacklight-catalog/config/initializers/secure_headers.rb
csp_policy = {
  default_src: SecureHeaders::OPT_OUT,
  frame_ancestors: %w['self' https://*.emory.edu https://na03.alma.exlibrisgroup.com],
  script_src: SecureHeaders::OPT_OUT
}
Everywhere else in the code base, we are using the env variables highlighted above. Let me know if there is anything else I need to complete before I can close this ticket.
Thanks, LGTM.
Review code for integrations with Alma and ensure they rely on the secrets configuration.
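One way the hard-coded Alma origin in `frame_ancestors` could be derived from configuration instead, as an added example that is not code from blacklight-catalog. It assumes `ALMA_BASE_URL` holds either a bare host or a full https URL (the thread does not show its format); the helper names `csp_origin_from` and `frame_ancestors` are hypothetical.

```ruby
require 'uri'

# Hypothetical helper: reduce a configured value to a CSP source expression
# (scheme + host, plus port if non-default). Returns nil for anything that is
# not a plain https origin, so a bad value cannot widen the policy.
def csp_origin_from(value)
  raw = value.to_s.strip
  return nil if raw.empty?

  # Assumption: a value without a scheme is a bare host name.
  raw = "https://#{raw}" unless raw.include?('://')
  uri = URI.parse(raw)

  return nil unless uri.is_a?(URI::HTTPS)   # no http://, ftp://, ...
  return nil if uri.host.nil? || uri.userinfo
  # Letters, digits, dots and hyphens only: rejects wildcards and the ';'
  # that would let a value start a new CSP directive.
  return nil unless uri.host.match?(/\A[a-z0-9]([a-z0-9.-]*[a-z0-9])?\z/i)

  origin = "https://#{uri.host.downcase}"
  origin += ":#{uri.port}" unless uri.port == 443
  origin
rescue URI::InvalidURIError
  nil
end

# Builds the frame-ancestors source list. 'self' and https://*.emory.edu are
# the static entries from the initializer quoted in the thread; the Alma
# origin comes from the environment. Raises so a missing or malformed value
# is caught at boot instead of silently changing who may frame the site.
def frame_ancestors(env = ENV)
  alma = csp_origin_from(env['ALMA_BASE_URL'])
  raise ArgumentError, 'ALMA_BASE_URL is missing or not a valid https origin' unless alma

  ["'self'", 'https://*.emory.edu', alma]
end
```

In the initializer, the returned array would replace the `%w[...]` literal assigned to `frame_ancestors:`.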