fix: Add Authorization header to CORS allowed headers #3178

fredcarle
Collaborator

Relevant issue(s)

Resolves #3177

Description

This PR adds the Authorization header to the CORS list of allowed headers. This bug was flagged by a partner trying to use authorization from a browser app.

Tasks

  • I made sure the code is well commented, particularly hard-to-understand areas.
  • I made sure the repository-held documentation is changed accordingly.
  • I made sure the pull request title adheres to the conventional commit style (the subset used in the project can be found in tools/configs/chglog/config.yml).
  • I made sure to discuss its limitations such as threats to validity, vulnerability to mistake and misuse, robustness to invalidation of assumptions, resource requirements, ...

How has this been tested?

Updated unit test with Access-Control-Request-Headers header.

Specify the platform(s) on which this was tested:

  • MacOS

@fredcarle fredcarle added the area/api Related to the external API component label Oct 25, 2024
@fredcarle fredcarle added this to the DefraDB v0.15 milestone Oct 25, 2024
@fredcarle fredcarle requested a review from a team October 25, 2024 20:55
@fredcarle fredcarle self-assigned this Oct 25, 2024
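
The effect of the allowed-headers list on a browser preflight, as an added Go example (not DefraDB's middleware or code from this PR). The names `corsPreflight` and `blockedHeaders`, the origin, the request path and the header lists are assumptions made for illustration; the check also applies the Fetch rule that a `*` entry never covers `Authorization`.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const allowedOrigin = "https://app.example" // constructed example origin

// corsPreflight (hypothetical) answers OPTIONS from the allowed origin with the configured header list.
func corsPreflight(allowedHeaders []string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodOptions || r.Header.Get("Origin") != allowedOrigin {
			next.ServeHTTP(w, r)
			return
		}
		w.Header().Set("Access-Control-Allow-Origin", allowedOrigin)
		w.Header().Set("Access-Control-Allow-Headers", strings.Join(allowedHeaders, ", "))
		w.WriteHeader(http.StatusNoContent)
	})
}

// blockedHeaders sends the preflight a browser would send and returns the requested headers it would refuse.
func blockedHeaders(h http.Handler, requested ...string) (blocked []string) {
	req := httptest.NewRequest(http.MethodOptions, "/example", nil) // constructed path
	req.Header.Set("Origin", allowedOrigin)
	req.Header.Set("Access-Control-Request-Method", "POST")
	req.Header.Set("Access-Control-Request-Headers", strings.Join(requested, ", "))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	allowed := map[string]bool{}
	for _, name := range strings.Split(rec.Header().Get("Access-Control-Allow-Headers"), ",") {
		allowed[strings.ToLower(strings.TrimSpace(name))] = true
	}
	for _, name := range requested {
		// Header names compare case-insensitively; "*" does not stand in for Authorization.
		if n := strings.ToLower(name); !allowed[n] && !(allowed["*"] && n != "authorization") {
			blocked = append(blocked, n)
		}
	}
	return blocked
}

func main() {
	for _, list := range [][]string{{"Content-Type"}, {"Content-Type", "Authorization"}, {"*"}} {
		fmt.Println(list, "blocks", blockedHeaders(corsPreflight(list, http.NotFoundHandler()), "authorization", "content-type"))
	}
}
```
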
Member

@nasdf nasdf left a comment

LGTM

codecov bot commented Oct 25, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 77.46%. Comparing base (d95c51f) to head (d1b6c0b).
Report is 1 commits behind head on develop.

@@             Coverage Diff             @@
##           develop    #3178      +/-   ##
===========================================
- Coverage    77.48%   77.46%   -0.02%     
===========================================
  Files          357      357              
  Lines        34809    34809              
===========================================
- Hits         26969    26962       -7     
- Misses        6229     6236       +7     
  Partials      1611     1611              
Flag Coverage Δ
all-tests 77.46% <ø> (-0.02%) ⬇️

Files with missing lines Coverage Δ
http/middleware.go 70.00% <ø> (ø)

... and 14 files with indirect coverage changes

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@fredcarle fredcarle merged commit 12669e4 into sourcenetwork:develop Oct 25, 2024
43 of 44 checks passed
@fredcarle fredcarle deleted the fredcarle/fix/3177-authorization-header branch October 25, 2024 21:25
Development

Successfully merging this pull request may close these issues.

Authorization header missing from allowed headers for CORS
2 participants