
@mattrobenolt (Contributor)

This is being carried from GH-4017.

@getsentry-bot (Contributor) commented Dec 2, 2016

1 Warning
⚠️ Changes require @getsentry/security sign-off

Security concerns found

  • src/sentry/lang/javascript/processor.py
  • src/sentry/templates/sentry/projects/manage.html
  • src/sentry/web/frontend/project_settings.py

Generated by 🚫 danger

@mattrobenolt mattrobenolt force-pushed the graingert-support-custom-header-name-for-source-maps branch from 94f465d to 61b3b28 Compare December 2, 2016 22:31
Contributor Author

These patterns are effectively arbitrary and likely over-conservative, but should be sufficient for anyone using this and prevent someone from putting in complete garbage.

Contributor

Basically you can basic auth this now. Might make sense to mention.

Contributor

Should there really be a length limit here? JWT tokens can be very long.

Contributor Author

There is some limit. How long are you thinking? The value can't be, say, 1MB long. :) I picked 40 as an arbitrary value since our auto-generated value is a uuid, which is 32 characters.

Just wondering what case you'd want to shove a JWT here.

Contributor Author

Hmm, I guess if the goal is with basic auth, it'll probably need to be longer than 40 chars, and also accept a wider set of characters since it's base64 encoded.

Lemme revisit this and get a better pattern here. Thanks for bringing it to my attention. :)

Contributor Author

Alright, I updated the regular expression here to actually accommodate basic auth and allow base64 characters and spaces and a length of 255. Unclear if we'd need more than that, but this seems reasonable now.
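
As an added example (not Sentry's code from this PR), a small validator that applies the constraints discussed in this thread to a user-supplied header: an RFC 7230 token for the name, and a value limited to base64 characters and spaces with a 255-character cap, which is enough for a "Basic <base64>" value; the exact patterns and helper names are assumptions. It uses fullmatch rather than a `$`-anchored match so a trailing newline or an embedded CR/LF is rejected instead of slipping through.

```python
import base64
import re

# Assumed patterns modelled on the thread, not the regex merged in the PR:
# the name is an RFC 7230 token, the value allows base64 characters plus
# spaces (enough for "Basic <base64>") and is capped at 255 characters.
HEADER_NAME_RE = re.compile(r"[A-Za-z0-9!#$%&'*+\-.^_`|~]{1,64}")
HEADER_VALUE_RE = re.compile(r"[A-Za-z0-9+/= ]{1,255}")


def is_valid_header_name(name):
    # fullmatch (not match with "$") so a trailing "\n" cannot pass the check
    return isinstance(name, str) and HEADER_NAME_RE.fullmatch(name) is not None


def is_valid_header_value(value):
    # CR, LF and other control characters are outside the class, so a value
    # spliced into an outgoing request can never introduce extra headers.
    return isinstance(value, str) and HEADER_VALUE_RE.fullmatch(value) is not None


def parse_custom_header(raw):
    """Parse the "Name: value" string a user types into project settings.

    Returns (name, value) when both parts validate, otherwise None.
    """
    if not isinstance(raw, str) or ":" not in raw:
        return None
    name, value = raw.split(":", 1)
    name, value = name.strip(), value.strip()
    if not (is_valid_header_name(name) and is_valid_header_value(value)):
        return None
    return name, value


def basic_auth_value(username, password):
    """Build the value the thread wants to allow: "Basic <base64(user:pass)>"."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


if __name__ == "__main__":
    # Constructed inputs: a 32-character uuid-hex token like the auto-generated
    # one, a basic-auth value, an over-long value, and a value carrying CR/LF.
    print(parse_custom_header("X-Sentry-Token: 0f9c2d6c5b4e4b3aa1b2c3d4e5f60718"))
    print(parse_custom_header("Authorization: " + basic_auth_value("user", "s3cret")))
    print(parse_custom_header("X-Token: " + "a" * 256))
    print(parse_custom_header("X-Token: abc\r\nX-Other: yes"))
```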

@mattrobenolt mattrobenolt force-pushed the graingert-support-custom-header-name-for-source-maps branch from 61b3b28 to b7ddfe8 Compare December 3, 2016 00:24

@graingert (Contributor)

@mattrobenolt this is looking good! #4500 will also need fixing, otherwise it's too dangerous to use basic auth.

@mattrobenolt (Contributor Author)

@graingert I agree, and I'll get #4500 addressed. In the meantime, gonna get this merged. :)

@mattrobenolt mattrobenolt force-pushed the graingert-support-custom-header-name-for-source-maps branch from b7ddfe8 to 5e5765c Compare January 6, 2017 19:24
@mattrobenolt mattrobenolt merged commit f2ad0ca into master Jan 6, 2017
@mattrobenolt mattrobenolt deleted the graingert-support-custom-header-name-for-source-maps branch January 6, 2017 19:49
@github-actions github-actions bot locked and limited conversation to collaborators Dec 23, 2020