-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PPS-588 add guppy csrf #2430
Merged
Merged
PPS-588 add guppy csrf #2430
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,8 @@ | ||
location /guppy/ { | ||
if ($csrf_check !~ ^ok-\S.+$) { | ||
return 403 "failed csrf check"; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. maybe this could say "failed csrf check. Make sure to use guppy version >=x and data-portal version >=y" There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Good call, I can update this |
||
} | ||
|
||
proxy_connect_timeout 600s; | ||
proxy_send_timeout 600s; | ||
proxy_read_timeout 600s; | ||
|
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i don't think we can't merge this 🤔 like you mentioned in the PR description, all the data commons that don't have the latest data-portal and guppy will fail... we need to somehow make this conditional based on the deployed version of portal and guppy, or leave it out for now and merge it in a few months once everyone has deployed the new portal and guppy.
But iirc we need this for a security ticket? if there's a deadline we might have to make everyone upgrade portal and guppy. Not great right before we all go on break 😬 can it be pushed to Jan, or even Feb when the change is included in 2024.02?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah that is true, the process we have formulized is not to merge this right away. The Guppy and Portal changes will be merged, and then the Portal changes will be cherry-picked into the 2023.12 release (no need to update Guppy since the Guppy changes are purely frontend). And Elise will continue her work on updating envs to ES7, which will bring all these envs to Portal 2023.12. After that we then we will merge this cloud-auto PR and re-roll Portal in those envs