Skip to content

#166203947 Block localhosts requests to deployed environments #427

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

#166203947 Block localhosts requests to deployed environments #427

wants to merge 1 commit into from

Conversation

Arusey
Copy link
Contributor

@Arusey Arusey commented Jun 6, 2019
edited
Loading

What does this PR do?

Blocks localhost requests to deployed environments

Description of Task to be completed?

When a user makes a request to deployed environments using the localhost, they should be blocked from doing so.

How should this be manually tested?

  1. Clone the repo: git clone https://github.com/andela/mrm_api.git
  2. Setup project according to Readme.md
  3. checkout to branch ch-block-localhost-requests-166203947
    image
  4. Create a simple client to fetch data from your backend server. Find attached the script to do so
    console.log('loading script')
fetch('http://localhost:8000/mrm', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Accept': 'application/json',
  },
  body: JSON.stringify({query: "{allRooms { rooms { name }} }"})
})
  .then(r => r.json())
  .then(data => console.log('data returned:', data))
  .catch(e => console.log('error '+ e));

  1. Change the CORS in your app.py to be as below.
    image

  2. Inspect the changes on your browser.

Pivotal tracker story

#166203947

  • My code follows the style guidelines of this project
  • I have linted my code prior to submission
  • I have made the corresponding changes to the documentation
  • My changes generate no new warnings
  • New and existing unit tests pass locally with my changes
  • Implementation works according to expectations

@Arusey Arusey force-pushed the ch-block-localhost-requests-166203947 branch 7 times, most recently from 29552b6 to e12ef87 Compare June 7, 2019 13:03
@Arusey Arusey added the wip label Jun 7, 2019
rajeman
rajeman reviewed Jun 7, 2019
View reviewed changes
requirements.txt Outdated
@@ -4,7 +4,7 @@ blinker==1.4
celery==3.1.17
coverage==4.5.1
Flask==0.12.2
Flask-Cors==3.0.4
Flask-Cors==3.0.7
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Arusey is there any reason why this dependency was upgraded?

@Arusey
Copy link
Contributor Author

Arusey commented Jun 9, 2019 via email

@Arusey Arusey force-pushed the ch-block-localhost-requests-166203947 branch 7 times, most recently from e2b2d3c to 1251863 Compare June 10, 2019 14:42
@Arusey Arusey removed the wip label Jun 10, 2019
@Arusey Arusey force-pushed the ch-block-localhost-requests-166203947 branch from 1251863 to 28c5fda Compare June 10, 2019 14:56
@Arusey Arusey force-pushed the ch-block-localhost-requests-166203947 branch 3 times, most recently from 8ae652e to 49d89da Compare June 13, 2019 14:10
@mnswaleh
Copy link
Contributor

Kindly include a link to the PT Board story

mnswaleh
mnswaleh reviewed Jun 17, 2019
View reviewed changes
Copy link
Contributor

@mnswaleh mnswaleh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice job @Arusey. Both the localhost, postman and insomnia requests are blocked

helpers/auth/allowed_requests.py Outdated


def validate_origins():
"validate requests for production environments"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

consider placing the docstrings in """triple double quotes"""

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

noted

@Arusey Arusey force-pushed the ch-block-localhost-requests-166203947 branch from 49d89da to 3924140 Compare June 17, 2019 13:30
@mnswaleh mnswaleh self-requested a review June 17, 2019 15:46
@Arusey Arusey force-pushed the ch-block-localhost-requests-166203947 branch 11 times, most recently from e385432 to 759603d Compare June 19, 2019 14:42
chore(block requests):block localhosts requests to deployment envirom…
06bf396 
…ents

- Block requests from localhoste being made to deployment enviroments
Finishes #166203947
@Arusey Arusey force-pushed the ch-block-localhost-requests-166203947 branch from 759603d to 06bf396 Compare June 20, 2019 07:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rajeman rajeman rajeman left review comments

@mnswaleh mnswaleh mnswaleh approved these changes

@Bonifase Bonifase Awaiting requested review from Bonifase

@d-kahara d-kahara Awaiting requested review from d-kahara

@daniellamarr daniellamarr Awaiting requested review from daniellamarr

@jesseinit jesseinit Awaiting requested review from jesseinit

@joshuaocero joshuaocero Awaiting requested review from joshuaocero

@KMaina KMaina Awaiting requested review from KMaina

@kwanj-k kwanj-k Awaiting requested review from kwanj-k

@codinger41 codinger41 Awaiting requested review from codinger41

@Makwe-O Makwe-O Awaiting requested review from Makwe-O

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Arusey @mnswaleh @rajeman