From d1b850537913c1df22eda518b2b17e6ac896b5ba Mon Sep 17 00:00:00 2001
From: Fitz Elliott <fitz@cos.io>
Date: Wed, 25 Jul 2018 10:35:47 -0400
Subject: [PATCH 1/4] add X-CSRFToken to acceptable CORS headers

---
 waterbutler/server/utils.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/waterbutler/server/utils.py b/waterbutler/server/utils.py
index 01688c278..a421343c4 100644
--- a/waterbutler/server/utils.py
+++ b/waterbutler/server/utils.py
@@ -8,6 +8,7 @@
     'Authorization',
     'Cache-Control',
     'X-Requested-With',
+    'X-CSRFToken',
 ]
 
 CORS_EXPOSE_HEADERS = [

From eaf1729725a8eebdcfcfc696aa29f160c0bd6caa Mon Sep 17 00:00:00 2001
From: Fitz Elliott <fitz@cos.io>
Date: Wed, 25 Jul 2018 11:04:28 -0400
Subject: [PATCH 2/4] remove ip address from keen analytics

---
 waterbutler/core/remote_logging.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/waterbutler/core/remote_logging.py b/waterbutler/core/remote_logging.py
index fa4580c4c..21b89186a 100644
--- a/waterbutler/core/remote_logging.py
+++ b/waterbutler/core/remote_logging.py
@@ -130,7 +130,8 @@ async def log_to_keen(action, api_version, request, source, destination=None, er
                 {  # private
                     'name': 'keen:ip_to_geo',
                     'input': {
-                        'ip': 'tech.ip'
+                        'ip': 'tech.ip',
+                        'remove_ip_property': True,
                     },
                     'output': 'geo',
                 },

From 4a33463b4046031d05212e00c28d3b91b3f07224 Mon Sep 17 00:00:00 2001
From: Fitz Elliott <fitz@cos.io>
Date: Wed, 25 Jul 2018 11:15:00 -0400
Subject: [PATCH 3/4] remove never-implemented geolocation code

 * Analytics fields will be left in and hardcoded to `None` to avoid
   changing the schema.
---
 requirements.txt                   |  3 ---
 waterbutler/core/remote_logging.py | 11 +++--------
 2 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 63e9e8888..897f3526d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -19,6 +19,3 @@ xmltodict==0.9.0
 
 # Issue: certifi-2015.9.6.1 and 2015.9.6.2 fail verification (https://github.com/certifi/python-certifi/issues/26)
 certifi==2015.4.28
-
-# Analytics requirements
-python-geoip-geolite2==2015.0303
diff --git a/waterbutler/core/remote_logging.py b/waterbutler/core/remote_logging.py
index 21b89186a..08c574db9 100644
--- a/waterbutler/core/remote_logging.py
+++ b/waterbutler/core/remote_logging.py
@@ -5,7 +5,6 @@
 
 import furl
 import aiohttp
-# from geoip import geolite2
 
 from waterbutler import settings
 from waterbutler.core import utils
@@ -80,10 +79,6 @@ async def log_to_keen(action, api_version, request, source, destination=None, er
     if settings.KEEN_PRIVATE_PROJECT_ID is None:
         return
 
-    location = None
-    # if request['ip'] and re.match('\d+\.\d+\.\d+\.\d+', request['ip']):  # needs IPv4 format
-    #     location = geolite2.lookup(request['ip'])
-
     keen_payload = {
         'meta': {
             'wb_version': __version__,
@@ -92,9 +87,9 @@ async def log_to_keen(action, api_version, request, source, destination=None, er
         },
         'request': request['request'],  # .info added via keen addons
         'tech': request['tech'],  # .info added via keen addons
-        'anon': {
-            'continent': getattr(location, 'continent', None),
-            'country': getattr(location, 'country', None),
+        'anon': {  # intended for anonymized geolocation, never implemented
+            'continent': None,
+            'country': None,
         },
         'action': {
             'type': action,

From b329c3063a4f3b64e1d44a31aa9f27ad14f0bcb1 Mon Sep 17 00:00:00 2001
From: Fitz Elliott <fitz@cos.io>
Date: Wed, 25 Jul 2018 10:41:33 -0400
Subject: [PATCH 4/4] bump version & update changelog

---
 CHANGELOG              | 6 ++++++
 waterbutler/version.py | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 7f5b5be48..42eceaf1d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,6 +2,12 @@
 ChangeLog
 *********
 
+0.40.1 (2018-07-25)
+===================
+- Feature: Add `X-CSRFToken` to list of acceptable CORS headers.
+- Feature: Tell Keen analytics to strip ip on upload.
+- Code: Remove never-implemented anonymous geolocation code.
+
 0.40.0 (2018-06-22)
 ===================
 - Feature: Listen for MFR-originating metadata requests and relay the nature of the request to
diff --git a/waterbutler/version.py b/waterbutler/version.py
index eb9b6f12e..5e1c3f39f 100644
--- a/waterbutler/version.py
+++ b/waterbutler/version.py
@@ -1 +1 @@
-__version__ = '0.40.0'
+__version__ = '0.40.1'