Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(security): add auth to /project/file get endpoint #1438

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

fix(security): add auth to /project/file get endpoint #1438

wants to merge 1 commit into from
+11 −1

Conversation

qvalentin
Copy link
Contributor

fixes #1101

@dosubot dosubot bot added size:S This PR changes 10-29 lines, ignoring generated files. auth Pertaining to authentication. labels Oct 16, 2024
@qvalentin qvalentin mentioned this pull request Oct 16, 2024
Open
@dokterbob
Copy link
Collaborator

Thanks @qvalentin for the report & fix! We'd like to take this along in the next release.

Any chance you could add a regression unittest demonstrating the issue and it's resolution?

@dokterbob dokterbob added evaluate-with-priority What's needed to address this one? security labels Oct 16, 2024
@dokterbob
Copy link
Collaborator

@qvalentin Just wrote regression test for this and several related issues. Hope to get fix in later today.

@dokterbob dokterbob mentioned this pull request Oct 16, 2024
Merged
@dokterbob
Copy link
Collaborator

Closed in favour of #1441 , which includes this patch.

@dokterbob dokterbob closed this Oct 16, 2024
@hayescode hayescode mentioned this pull request Oct 23, 2024
Merged
dokterbob pushed a commit that referenced this pull request Oct 25, 2024
@hayescode
Update server.py (#1474)
49dd1a5 
Solving the underlying issue properly requires moving to HTTP only cookies, which is out of scope for now (we want to properly clean up auth). We're gonna ship this ASAP.

This reopens #1101 and #1438 .
dokterbob pushed a commit that referenced this pull request Oct 25, 2024
@hayescode @dokterbob
Update server.py (#1474)
9723622 
Solving the underlying issue properly requires moving to HTTP only cookies, which is out of scope for now (we want to properly clean up auth). We're gonna ship this ASAP.

This reopens #1101 and #1438 .
@dokterbob dokterbob reopened this Oct 25, 2024
dokterbob added a commit that referenced this pull request Oct 25, 2024
@dokterbob @hayescode
Release prep for 1.3.1 (#1483)
daa960c 
* Update server.py (#1474)

Solving the underlying issue properly requires moving to HTTP only cookies, which is out of scope for now (we want to properly clean up auth). We're gonna ship this ASAP.

This reopens #1101 and #1438 .

* Changelog for 1.3.1 and 2.0.dev2.

* Bump version to 1.3.1.

---------

Co-authored-by: Josh Hayes <[email protected]>
@dokterbob dokterbob marked this pull request as draft November 13, 2024 10:37
@dokterbob dokterbob mentioned this pull request Nov 13, 2024
Open
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
auth Pertaining to authentication. evaluate-with-priority What's needed to address this one? security size:S This PR changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Files not protected when auth is enabled
2 participants
@qvalentin @dokterbob