Bug s3 cdn iss481 #492

Open
wants to merge 26 commits into
base: master

Contributor

@mdwallick mdwallick commented Feb 7, 2022

This branch removes references to the Zartan S3 CDN for the Okta sign-in widget and AuthJS library and replaces them with the Okta CDN URL. Additionally, the SIW and AuthJS versions are now configurable via environment variables. The default SIW and AuthJS versions are the latest available without any breaking changes (i.e. < 6.0.0).


Resolves #481

@mdwallick mdwallick added the type: bug Something isn't working label Feb 7, 2022
@mdwallick mdwallick linked an issue Feb 7, 2022 that may be closed by this pull request
@mdwallick
Contributor Author

Related to the SonarCloud security hotspots, I could easily include hashes for the AuthJS and SIW JavaScript libraries coming from the CDN, but should I? We would need to account for hashes for different versions, should someone choose to use a different version, or make the hash values part of the config directly. That might not be a bad idea; have default versions and hashes in app_config.py, and let environment variables override them.
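The idea raised in the comment above (default version and hash in config, environment variables overriding both) can be sketched as follows. This is an added example, not code from this pull request or the project; the variable names `SIW_VERSION` and `SIW_INTEGRITY`, the CDN URL and the library bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import html

# Placeholder CDN path and version: the thread does not state the real values.
CDN_TEMPLATE = "https://cdn.example.invalid/siw/{version}/okta-sign-in.min.js"
DEFAULT_SIW_VERSION = "0.0.0-example"
# Constructed stand-in for the bytes of the default library file.
SAMPLE_SIW_BYTES = b"/* constructed sample */ var OktaSignIn = function () {};"
SRI_ALGS = ("sha256", "sha384", "sha512")


def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Return an SRI value: '<alg>-<base64 of the raw digest>'."""
    if alg not in SRI_ALGS:
        raise ValueError(f"unsupported SRI algorithm: {alg}")
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


DEFAULT_SIW_INTEGRITY = sri_hash(SAMPLE_SIW_BYTES)


def check_sri(value: str) -> str:
    """Reject values that are not a well-formed single SRI hash."""
    alg, _, b64 = value.partition("-")
    if alg not in SRI_ALGS:
        raise ValueError(f"unsupported SRI algorithm: {alg!r}")
    raw = base64.b64decode(b64, validate=True)  # raises ValueError on bad base64
    if len(raw) != hashlib.new(alg).digest_size:
        raise ValueError("digest length does not match algorithm")
    return value


def resolve_siw(env) -> tuple:
    """Choose (version, integrity); a non-default version needs its own hash."""
    version = env.get("SIW_VERSION", DEFAULT_SIW_VERSION)  # hypothetical name
    integrity = env.get("SIW_INTEGRITY")                   # hypothetical name
    if integrity is None:
        if version != DEFAULT_SIW_VERSION:
            raise ValueError("SIW_VERSION overridden without SIW_INTEGRITY")
        integrity = DEFAULT_SIW_INTEGRITY
    return version, check_sri(integrity)


def script_tag(env) -> str:
    """Render the script element with integrity and crossorigin set."""
    version, integrity = resolve_siw(env)
    src = html.escape(CDN_TEMPLATE.format(version=version), quote=True)
    return (f'<script src="{src}" integrity="{html.escape(integrity, quote=True)}" '
            'crossorigin="anonymous"></script>')
```

Failing closed when the version is overridden without a matching hash avoids pairing the default hash with a different file, which the browser would block at load time.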

Contributor

@noinarisak noinarisak left a comment


@mdwallick Can you look at my comments?

.env.sample Outdated
@noinarisak noinarisak self-requested a review March 22, 2022 20:10
@sonarcloud

sonarcloud bot commented Jun 17, 2022

SonarCloud Quality Gate failed.

Bugs: 9 (rating C)
Vulnerabilities: 0 (rating A)
Security Hotspots: 1 (rating E)
Code Smells: 518 (rating A)

Coverage: no coverage information
Duplication: 0.3%

Successfully merging this pull request may close these issues.

[BUG] Remove custom s3 cdn of auth-js for offical okta cdn urls