From 07a044b6cfa7f9fbee0482dea7d8b73c33fb7065 Mon Sep 17 00:00:00 2001
From: Mingfei Shao <mshao1@uchicago.edu>
Date: Fri, 15 Dec 2023 10:56:59 -0600
Subject: [PATCH 1/2] add guppy csrf

---
 kube/services/revproxy/gen3.nginx.conf/guppy-service.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/kube/services/revproxy/gen3.nginx.conf/guppy-service.conf b/kube/services/revproxy/gen3.nginx.conf/guppy-service.conf
index db2de5886..94ad5cb1d 100644
--- a/kube/services/revproxy/gen3.nginx.conf/guppy-service.conf
+++ b/kube/services/revproxy/gen3.nginx.conf/guppy-service.conf
@@ -1,4 +1,8 @@
           location /guppy/ {
+              if ($csrf_check !~ ^ok-\S.+$) {
+                return 403 "failed csrf check";
+              }
+              
               proxy_connect_timeout 600s;
               proxy_send_timeout 600s;
               proxy_read_timeout 600s;

From 8a8568628e87fa963547b43901b09e6eaf706ca5 Mon Sep 17 00:00:00 2001
From: Mingfei Shao <mshao1@uchicago.edu>
Date: Mon, 18 Dec 2023 15:40:11 -0600
Subject: [PATCH 2/2] update msg

---
 kube/services/revproxy/gen3.nginx.conf/guppy-service.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kube/services/revproxy/gen3.nginx.conf/guppy-service.conf b/kube/services/revproxy/gen3.nginx.conf/guppy-service.conf
index 94ad5cb1d..e6d66ec12 100644
--- a/kube/services/revproxy/gen3.nginx.conf/guppy-service.conf
+++ b/kube/services/revproxy/gen3.nginx.conf/guppy-service.conf
@@ -1,6 +1,6 @@
           location /guppy/ {
               if ($csrf_check !~ ^ok-\S.+$) {
-                return 403 "failed csrf check";
+                return 403 "failed csrf check, make sure data-portal version >= 2023.12 or >= 5.19.0";
               }
               
               proxy_connect_timeout 600s;