Block api calls to other sites - related ticket https://trello.com/c/… #341
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Due to an update in the default repositories in the underlying `alpine` image, `python` no longer refers to the correct version for our build. Changing it to `python3` will allow the build to complete succesfully. Ideally we'd update to version 18 straight away, but that seems a bit less straightforward. Updating to version 16 (which has security support until september 11th 2023) buys us time to come up with a good strategy to upgrade further.
Update node to 16.16 & run `npm update`
…dit-fix Codeimprovement/npm audit fix
Badmuts
approved these changes
Aug 22, 2022
Badmuts
reviewed
Aug 22, 2022
| @@ -21,6 +21,15 @@ module.exports = { | |||
| pathRewrite: {['^' + apiPath]: '/api'}, | |||
| onProxyReq: (proxyReq, req, res) => { | |||
|
|
|||
| const siteId = req.data.global.siteId; | |||
| let path = req.path; | |||
| let match = path.match(/\/api\/site\/(\d+)\//); | |||
There was a problem hiding this comment.
Might be better to make the latest slash optional so it also matches this record:
/api/site/12
Regex: \/api\/site\/(\d+)\/?
…mage-proxy-for-loading Use direct links to fetch images in filepond
…-in-participatory-budgeting-widget Turn on inline authentication in participatory-budgeting-widget
…sterdam/openstad-frontend into bugfix/block-api-calls-to-other-sites
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
The frontend proxies requests to the API server. Currently that proxy can be used to send API requests for other websites then the current. That should not be so.
Fixes issue
https://trello.com/c/zRxVliEP
Type of change
Bugfix
Documentation
N/A
Tests
Only locally