Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor Content-Security-Policy headers building #12322

Merged
merged 5 commits into from
Aug 23, 2024
Merged

refactor Content-Security-Policy headers building #12322

merged 5 commits into from
Aug 23, 2024

Conversation

nijel
Copy link
Member

@nijel nijel commented Aug 23, 2024
edited
Loading

Proposed changes

Checklist

  • Lint and unit tests pass locally with my changes.
  • I have added tests that prove my fix is effective or that my feature works.
  • I have added documentation to describe my feature.
  • I have squashed my commits into logic units.
  • I have described the changes in the commit messages.

Other information

@nijel
chore(middleware): refactor Content-Security-Policy building
c09dff4 
Split it into smaller peaces for better maintenance.
@nijel
fix(middleware): correctly extract authorization URL for OAuth2 backends
ab24a66 
Do not use attributes, but rather rely on methods which will apply
configuration and other sources for building the URL.

Fixes WeblateOrg#12302
Fixes WeblateOrg#12321
@nijel
fix(middleware): avoid injecting blank hostname to CSP
fcb6d5f 
Factor out hostname parsing to a separate method to avoid repeating the
same code.
@nijel
chore(middleware): guard against missing resolver match
9a817c7 
It should not really happen, but this is an error path, so be safe.
@nijel nijel added this to the 5.7.1 milestone Aug 23, 2024
@nijel nijel self-assigned this Aug 23, 2024
@nijel nijel enabled auto-merge (rebase) August 23, 2024 11:31
@nijel
chore(middleware): use literal typing to limit CSP headers
a16c0bd 
This makes it possible to spot typos using mypy.
@nijel nijel requested a review from gersona August 23, 2024 11:38
@codecov Codecov
Copy link

codecov bot commented Aug 23, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 73.91304% with 24 lines in your changes missing coverage. Please review.

Project coverage is 91.14%. Comparing base (8f20b96) to head (a16c0bd).
Report is 6 commits behind head on main.

Files Patch % Lines
weblate/middleware.py 73.91% 20 Missing and 4 partials ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main   #12322      +/-   ##
==========================================
+ Coverage   91.13%   91.14%   +0.01%     
==========================================
  Files         589      589              
  Lines       60164    60198      +34     
  Branches     9515     9523       +8     
==========================================
+ Hits        54828    54870      +42     
+ Misses       3698     3687      -11     
- Partials     1638     1641       +3
Files Coverage Δ
weblate/middleware.py 80.56% <73.91%> (+6.85%) ⬆️

@nijel nijel merged commit 493d9b1 into WeblateOrg:main Aug 23, 2024
32 of 34 checks passed
@nijel nijel deleted the csp-refactor branch August 23, 2024 13:29
@nijel nijel mentioned this pull request Aug 30, 2024
Closed
2 tasks
@sentry-io Sentry.io
Copy link

sentry-io bot commented Sep 4, 2024

Suspect Issues

This pull request was deployed and Sentry observed the following issues:

  • ‼️ OfflineGenerationError: You have offline compression enabled but key "e965160c6ba68c40c8c9f1b184bd4b314e42141a2ac7fde7b48... /browse/{path}/ View Issue
  • ‼️ OfflineGenerationError: You have offline compression enabled but key "e965160c6ba68c40c8c9f1b184bd4b314e42141a2ac7fde7b48... /browse/{path}/ View Issue
  • ‼️ OfflineGenerationError: You have offline compression enabled but key "e965160c6ba68c40c8c9f1b184bd4b314e42141a2ac7fde7b48... /activity/language/month/en/odio-edit/ View Issue
  • ‼️ OfflineGenerationError: You have offline compression enabled but key "e965160c6ba68c40c8c9f1b184bd4b314e42141a2ac7fde7b48... /activity/language/month/en/odio-edit/ View Issue
  • ‼️ OfflineGenerationError: You have offline compression enabled but key "e965160c6ba68c40c8c9f1b184bd4b314e42141a2ac7fde7b48... /activity/language/month/en/odio-edit/ View Issue

Did you find this useful? React with a 👍 or 👎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gersona gersona Awaiting requested review from gersona

Assignees

@nijel nijel

Labels
None yet
Projects
None yet
Milestone
5.7.1
Development

Successfully merging this pull request may close these issues.

Automatic configuration of Content Security Policy form-action for Social Auth Azure AD Backends not working
1 participant
@nijel