X Tutup
Skip to content

fix: use trusted domains to verify the signature#38465

Merged
DeepDiver1975 merged 3 commits intomasterfrom
chore/logging-signed-url
May 12, 2021
Merged

fix: use trusted domains to verify the signature#38465
DeepDiver1975 merged 3 commits intomasterfrom
chore/logging-signed-url

Conversation

@DeepDiver1975
Copy link
Member

@DeepDiver1975 DeepDiver1975 commented Mar 4, 2021
edited
Loading

Description

In some setups (mainly proxied setups) we cannot rely on the given host and protocol.
In addition to make sure that signed urls work for each and every trusted domain we need to loop all trusted domains.

Motivation and Context

Support more complex setups ...

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Database schema changes (next release will require increase of minor version instead of patch)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:
  • Changelog item, see TEMPLATE

@update-docs
Copy link

update-docs bot commented Mar 4, 2021

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@DeepDiver1975
Copy link
Member Author

DeepDiver1975 commented Mar 4, 2021

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

not needed

@DeepDiver1975 DeepDiver1975 force-pushed the chore/logging-signed-url branch from c6bfc17 to 9e65de0 Compare March 5, 2021 14:55
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 5, 2021

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@DeepDiver1975 DeepDiver1975 force-pushed the chore/logging-signed-url branch from 9e65de0 to e57ed3b Compare April 20, 2021 23:04
@DeepDiver1975 DeepDiver1975 changed the title chore: add logging to signed url verifier fix: use trusted domains to verify the signature Apr 20, 2021
@DeepDiver1975 DeepDiver1975 self-assigned this Apr 20, 2021
@DeepDiver1975 DeepDiver1975 marked this pull request as ready for review April 20, 2021 23:08
@DeepDiver1975 DeepDiver1975 force-pushed the chore/logging-signed-url branch from e57ed3b to eb53c10 Compare April 21, 2021 09:14
@micbar
Copy link
Contributor

micbar commented Apr 21, 2021

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

not needed

Why?

@DeepDiver1975
Copy link
Member Author

DeepDiver1975 commented Apr 21, 2021

Why?

this started off as a pure debugging pr and by that time there was no need .... not there is for sure .... needs to be added ....

@AlexAndBear AlexAndBear self-requested a review May 10, 2021 11:35
AlexAndBear
AlexAndBear suggested changes May 10, 2021
View reviewed changes
Copy link

@AlexAndBear AlexAndBear left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add changelog item

@DeepDiver1975 DeepDiver1975 force-pushed the chore/logging-signed-url branch from eb53c10 to 0bbd233 Compare May 12, 2021 15:41
@DeepDiver1975
Copy link
Member Author

DeepDiver1975 commented May 12, 2021

@janackermann chanelog added - thx for the reminder

@AlexAndBear AlexAndBear self-requested a review May 12, 2021 15:44
AlexAndBear
AlexAndBear approved these changes May 12, 2021
View reviewed changes
Copy link

@AlexAndBear AlexAndBear left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice 👍

@sonarqubecloud
Copy link

sonarqubecloud bot commented May 12, 2021

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

No Coverage information No Coverage information
No Duplication information No Duplication information

@DeepDiver1975 DeepDiver1975 merged commit 8094fa1 into master May 12, 2021
@delete-merged-branch delete-merged-branch bot deleted the chore/logging-signed-url branch May 12, 2021 16:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@IljaN IljaN IljaN approved these changes

@AlexAndBear AlexAndBear AlexAndBear approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@DeepDiver1975 DeepDiver1975

Labels

3 - To Review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@DeepDiver1975 @micbar @IljaN @AlexAndBear
X Tutup