Revert "chore: add integrity attribute to external links (#2215)"

This reverts commit e730666.

config/runtime.exs

@@ -222,7 +222,7 @@ case config_env() do
              [
                "default-src 'none'",
                "img-src 'self' cdn.mbta.com #{System.get_env("STATIC_HOST", "")} #{System.get_env("CMS_API_BASE_URL", "")} px.ads.linkedin.com www.linkedin.com www.facebook.com *.google.com *.googleapis.com *.gstatic.com *.s3.amazonaws.com data: i.ytimg.com www.googletagmanager.com *.arcgis.com",
-               "style-src 'self' 'unsafe-inline' www.gstatic.com #{System.get_env("STATIC_HOST", "")}",
+               "style-src 'self' 'unsafe-inline' www.gstatic.com #{System.get_env("STATIC_HOST", "")} cdn.jsdelivr.net",
                "script-src 'self' 'unsafe-eval' 'unsafe-inline' #{System.get_env("STATIC_HOST", "")} insitez.blob.core.windows.net snap.licdn.com connect.facebook.net www.instagram.com www.google-analytics.com *.google.com www.gstatic.com www.googletagmanager.com *.googleapis.com data.mbta.com *.arcgis.com",
                "font-src 'self' #{System.get_env("STATIC_HOST", "")}",
                "connect-src 'self' wss://#{host} #{sentry_dsn_host || ""} *.googleapis.com analytics.google.com www.google-analytics.com www.google.com px.ads.linkedin.com stats.g.doubleclick.net *.arcgis.com *.s3.amazonaws.com",

lib/dotcom/body_tag.ex

@@ -9,7 +9,17 @@ defmodule Dotcom.BodyTag do
     UI elements.
   """
 
-  def class_name(conn) do
+  alias PhoenixHTMLHelpers.Tag
+
+  @spec render(Plug.Conn.t()) :: Phoenix.HTML.Safe.t()
+  def render(conn) do
+    Tag.tag(
+      :body,
+      class: class_name(conn)
+    )
+  end
+
+  defp class_name(conn) do
     [
       javascript_class(),
       mticket_class(conn),

lib/dotcom_web.ex

@@ -75,7 +75,6 @@ defmodule DotcomWeb do
           project_path: 3,
           project_update_path: 3,
           project_update_path: 4,
-          static_integrity: 2,
           static_url: 2
         ]
 
@@ -136,11 +135,11 @@ defmodule DotcomWeb do
       use MbtaMetro
 
       import DotcomWeb.{Components, ErrorHelpers}
-      import DotcomWeb.Router.Helpers, except: [static_url: 2]
       import Phoenix.{HTML, LiveView.Helpers, View}
       import PhoenixHTMLHelpers.Form, except: [label: 1]
       import PhoenixHTMLHelpers.{Format, Link, Tag}
 
+      alias DotcomWeb.Router.Helpers
       alias Phoenix.LiveView.JS
 
       # Routes generation with the ~p sigil

lib/dotcom_web/live/admin.ex

@@ -8,12 +8,12 @@ defmodule DotcomWeb.Live.Admin do
        :admin_features,
        [
          %{
-           url: live_path(socket, DotcomWeb.Live.Admin.TripPlanFeedback),
+           url: Helpers.live_path(socket, DotcomWeb.Live.Admin.TripPlanFeedback),
            title: "Trip Planner Feedback",
            description: "Find and download the latest comments and votes."
          },
          %{
-           url: live_path(socket, DotcomWeb.Live.TripPlanner),
+           url: Helpers.live_path(socket, DotcomWeb.Live.TripPlanner),
            title: "Trip Planner Preview",
            description: "WIP on the trip planner rewrite."
          }

lib/dotcom_web/templates/fare/proposed_sales_locations.html.heex

@@ -33,11 +33,7 @@
         <script defer src={"#{Application.get_env(:dotcom, :webpack_path)}/tnm.js"}>
         </script>
       <% else %>
-        <script
-          defer
-          src={static_url(@conn, "/js/tnm.js")}
-          integrity={static_integrity(@conn, "/js/tnm.js")}
-        >
+        <script defer src={static_url(@conn, "/js/tnm.js")}>
         </script>
       <% end %>
     </div>

lib/dotcom_web/templates/fare/retail_sales_locations.html.heex

@@ -18,11 +18,7 @@
         <script defer src={"#{Application.get_env(:dotcom, :webpack_path)}/tnm.js"}>
         </script>
       <% else %>
-        <script
-          defer
-          src={static_url(@conn, "/js/tnm.js")}
-          integrity={static_integrity(@conn, "/js/tnm.js")}
-        >
+        <script defer src={static_url(@conn, "/js/tnm.js")}>
         </script>
       <% end %>
     </div>

lib/dotcom_web/templates/layout/_google_translate_plugin.html.eex

@@ -13,4 +13,4 @@
       layout: null, gaTrack: true, gaId: <%= tag_id %>}, "google_translate_element");
   }
 </script>
-<script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit" integrity={static_integrity(@conn, "//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit")}></script>
+<script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>

lib/dotcom_web/templates/layout/admin.html.heex

@@ -8,7 +8,7 @@
 <div class="container" style="background-color: white; min-height: 50vh; padding-top: 2rem">
   <%= if @socket.view !== DotcomWeb.Live.Admin do %>
     <%= link([fa("arrow-left", class: "fa-fw"), "Back to admin panel"],
-      to: live_path(@socket, DotcomWeb.Live.Admin),
+      to: Helpers.live_path(@socket, DotcomWeb.Live.Admin),
       class: "btn btn-secondary btn-sm"
     ) %>
     <hr />

lib/dotcom_web/templates/layout/root.html.eex

@@ -0,0 +1,116 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <%= csrf_meta_tag() %>
+    <% meta_description = assigns[:meta_description] || "Official website of the MBTA -- schedules, maps, and fare information for Greater Boston's public transportation system, including subway, commuter rail, bus routes, and boat lines." %>
+    <meta name="description" content="<%= Phoenix.HTML.raw(meta_description) %>">
+    <meta name="author" content="Massachusetts Bay Transportation Authority">
+    <meta name="theme-color" content="#165c96">
+
+    <%= # hide any page in /org directory from search engines
+    if @conn.request_path == "/org" || String.slice(@conn.request_path, 0..4) == "/org/" do %>
+      <meta name="robots" content="noindex, nofollow">
+    <% end %>
+    <%= # hide any page in /charlie directory from search engines
+    if @conn.request_path == "/charlie" || String.slice(@conn.request_path, 0..8) == "/charlie/" do %>
+      <meta name="robots" content="noindex, nofollow">
+    <% end %>
+    <%= # hide any page in /policies/terms-use-charlie directory from search engines
+    if @conn.request_path == "/policies/terms-use-charlie" || String.slice(@conn.request_path, 0..26) == "/policies/terms-use-charlie" do %>
+      <meta name="robots" content="noindex, nofollow">
+    <% end %>
+    <% title = if Phoenix.Controller.view_template(@conn) == "404.html", do: "Page Not Found | MBTA - Massachusetts Bay Transportation Authority", else: title_breadcrumbs(@conn) %>
+    <title><%= title %></title>
+    <link rel="apple-touch-icon" href="<%= static_url(@conn, "/apple-touch-icon.png") %>" type="image/png">
+    <link rel="icon" href="<%= static_url(@conn, "/images/mbta-logo-t-favicon.png") %>" sizes="32x32" type="image/png">
+    <link rel="icon" href="<%= static_url(@conn, "/favicon.ico") %>" sizes="16x16" type="image/vnd.microsoft.icon">
+    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/flatpickr/dist/flatpickr.min.css">
+
+    <%= if google_tag_manager_id() do %>
+      <link rel="preconnect" href="//www.google-analytics.com">
+    <% end %>
+
+    <link rel="alternate" type="application/rss+xml" title="MBTA.com Latest News" href="/news/rss.xml" />
+
+    <%= if Application.get_env(:sentry, :js_dsn) do %>
+      <script>
+        window.sentry = {
+          dsn: "<%= Application.get_env(:sentry, :js_dsn) %>",
+          environment: "<%= Application.get_env(:sentry, :environment_name) %>"
+        }
+      </script>
+    <% end %>
+
+    <%= if Application.get_env(:dotcom, :dev_server?) do %>
+      <link rel="stylesheet" href="<%= "#{Application.get_env(:dotcom, :webpack_path)}/css/core.css" %>">
+      <link rel="stylesheet" href="<%= "#{Application.get_env(:dotcom, :webpack_path)}/css/app.css" %>">
+      <script defer src="<%= "#{Application.get_env(:dotcom, :webpack_path)}/core.js" %>"></script>
+      <script defer src="<%= "#{Application.get_env(:dotcom, :webpack_path)}/app.js" %>"></script>
+    <% else %>
+      <link rel="stylesheet" href="<%= static_url(@conn, "/css/core.css") %>">
+      <link rel="stylesheet" href="<%= static_url(@conn, "/css/app.css") %>">
+      <script defer src="<%= static_url(@conn, "/js/vendors.js") %>"></script>
+      <script defer src="<%= static_url(@conn, "/js/app.js") %>"></script>
+    <% end %>
+  </head>
+  <%= Dotcom.BodyTag.render(@conn) %>
+    <div class="body-wrapper" id="body-wrapper">
+      <a href="#main" class="sr-only sr-only-focusable">Skip to main content</a>
+      <%= DotcomWeb.PartialView.render "_hidden_icons.html", conn: @conn %>
+      <%= render "_new_header.html", @conn |> Plug.Conn.assign(:page, get_page_classes(Phoenix.Controller.view_module(@conn), Phoenix.Controller.view_template(@conn))) |> forward_assigns %>
+      <%= if assigns[:banner_template] do %>
+        <div class="announcement-container <%= assigns[:banner_class] %>">
+          <div class="container">
+            <%= render __MODULE__, @banner_template, assigns %>
+          </div>
+        </div>
+      <% end %>
+      <%= if assigns[:breadcrumbs] do %>
+        <div class="breadcrumb-container">
+          <div class="container">
+            <%= breadcrumb_trail(@conn) %>
+          </div>
+        </div>
+      <% end %>
+      <div id="mobile-app-banner" style="background: #DCD3E8; display: none; margin: 0; padding: 10px; text-align: center">
+        <a href="https://mbta.com/app" rel="noreferrer" style="color: black; display: block" target="_blank">
+          Sign up to test the new <strong>MBTA app &#x2192;</strong>
+        </a>
+      </div>
+      <%= if assigns[:search_header?] do %>
+        <%= render "_searchbar.html", assigns %>
+      <% end %>
+      <div class="page-container <%= get_page_classes(Phoenix.Controller.view_module(@conn), Phoenix.Controller.view_template(@conn)) %>">
+        <%= content_tag :main, @inner_content, id: "main", tabindex: -1 %>
+      </div> <%# /container %>
+      <%= render __MODULE__, "_footer.html", conn: @conn %>
+
+      <%# Show a warning when browser is Internet Explorer %>
+      <%= if Application.get_env(:dotcom, :dev_server?) do %>
+        <script defer src="<%= "#{Application.get_env(:dotcom, :webpack_path)}/iewarning.js" %>"></script>
+      <% else %>
+        <script defer src="<%= static_url(@conn, "/js/react.js") %>"></script>
+        <script defer src="<%= static_url(@conn, "/js/iewarning.js") %>"></script>
+      <% end %>
+      <div id="ie-warning" class="c-ie-warning"></div>
+    </div>
+
+    <%= if google_tag_manager_id() do %>
+      <!-- Google Tag Manager (noscript) -->
+      <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=<%= google_tag_manager_id()%>&gtm_auth=<%= google_tag_manager_auth() %>&gtm_preview=<%= google_tag_manager_preview() %>&gtm_cookies_win=x"
+      height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
+      <!-- End Google Tag Manager (noscript) -->
+      <!-- Google Tag Manager -->
+      <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
+        new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
+        j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
+        'https://www.googletagmanager.com/gtm.js?id='+i+dl+ '&gtm_auth=<%= google_tag_manager_auth() %>&gtm_preview=<%= google_tag_manager_preview() %>&gtm_cookies_win=x';f.parentNode.insertBefore(j,f);
+        })(window,document,'script','dataLayer','<%= google_tag_manager_id() %>');
+      </script>
+      <!-- End Google Tag Manager -->
+    <% end %>
+  </body>
+</html>