Merge branch 'master' into fix/automation-data-test-updates

.github/workflows/budibase_ci.yml

@@ -199,18 +199,22 @@ jobs:
         env:
           DATASOURCE: ${{ matrix.datasource }}
         run: |
-          AFFECTED=$(yarn --silent nx show projects --affected -t test --base=${{ env.NX_BASE_BRANCH }} -p @budibase/server)
-          if [ -n "$AFFECTED" ]; then
-            cd packages/server
-            if [ "${{ matrix.datasource }}" == "none" ]; then
-              yarn test --filter ./src/tests/filters/non-datasource-tests.js --passWithNoTests
-            else
-              yarn test --filter ./src/tests/filters/datasource-tests.js --passWithNoTests
+          if ${{ env.ONLY_AFFECTED_TASKS }}; then
+            AFFECTED=$(yarn --silent nx show projects --affected -t test --base=${{ env.NX_BASE_BRANCH }} -p @budibase/server)
+            if [ -z "$AFFECTED" ]; then
+              echo "No affected tests to run"
+              exit 0
             fi
-          else
-            echo "No affected tests to run"
           fi
 
+          FILTER="./src/tests/filters/datasource-tests.js"
+          if [ "${{ matrix.datasource }}" == "none" ]; then
+            FILTER="./src/tests/filters/non-datasource-tests.js"
+          fi
+
+          cd packages/server
+          yarn test --filter $FILTER --passWithNoTests
+
   check-pro-submodule:
     runs-on: ubuntu-latest
     if: inputs.run_as_oss != true  && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'Budibase/budibase')

packages/backend-core/src/environment.ts

@@ -231,9 +231,6 @@ const environment = {
   MIN_VERSION_WITHOUT_POWER_ROLE:
     process.env.MIN_VERSION_WITHOUT_POWER_ROLE || "3.0.0",
   DISABLE_CONTENT_SECURITY_POLICY: process.env.DISABLE_CONTENT_SECURITY_POLICY,
-  // stopgap migration strategy until we can ensure backwards compat without unsafe-inline in CSP
-  DISABLE_CSP_UNSAFE_INLINE_SCRIPTS:
-    process.env.DISABLE_CSP_UNSAFE_INLINE_SCRIPTS,
 }
 
 export function setEnv(newEnvVars: Partial<typeof environment>): () => void {

packages/backend-core/src/middleware/contentSecurityPolicy.ts

@@ -1,5 +1,4 @@
 import crypto from "crypto"
-import env from "../environment"
 
 const CSP_DIRECTIVES = {
   "default-src": ["'self'"],
@@ -97,10 +96,6 @@ export async function contentSecurityPolicy(ctx: any, next: any) {
       `'nonce-${nonce}'`,
     ]
 
-    if (!env.DISABLE_CSP_UNSAFE_INLINE_SCRIPTS) {
-      directives["script-src"].push("'unsafe-inline'")
-    }
-
     ctx.state.nonce = nonce
 
     const cspHeader = Object.entries(directives)

packages/builder/src/components/common/NavItem.svelte

@@ -84,8 +84,8 @@
   on:mouseleave
   on:click={onClick}
   on:contextmenu
-  ondragover="return false"
-  ondragenter="return false"
+  on:dragover={e => e.preventDefault()}
+  on:dragenter={e => e.preventDefault()}
   {id}
   {style}
   {draggable}

packages/builder/src/pages/builder/app/[application]/design/[screenId]/_components/ComponentList/ComponentScrollWrapper.svelte

@@ -68,8 +68,8 @@
   on:scroll
   bind:this={scrollRef}
   on:drop={onDrop}
-  ondragover="return false"
-  ondragenter="return false"
+  on:dragover={e => e.preventDefault()}
+  on:dragenter={e => e.preventDefault()}
 >
   <slot />
 </div>