fix: set stricter cors header #94

Merged
merged 2 commits into from
Nov 21, 2023

@CrabNejonas (Contributor) commented Nov 20, 2023

This makes the CORS header more strict so that only requests from https://devtools.crabnebula.dev are allowed.

It also adds an UNSAFE_BYPASS_CLIENT_AUTH environment variable that can be set to bypass this stricter check (for local development).

resolves DR-580

linear bot commented Nov 20, 2023

DR-580 fix: configure CORS in instrumentation

Right now CORS is configured to allow connections from any origin. Once we have an exact origin the DevTools UI is hosted at, we should configure CORS to only accept connections from that origin.

@lucasfernog-crabnebula (Member)

With this change we also need to include a .cargo/config.toml on our repo:

[env]
UNSAFE_BYPASS_CLIENT_AUTH = "true"

for development

(plus remembering to set that var for other projects we use for development)

@CrabNejonas (Contributor Author)

> With this change we also need to include a .cargo/config.toml on our repo:
>
> [env]
> UNSAFE_BYPASS_CLIENT_AUTH = "true"
>
> for development
>
> (plus remembering to set that var for other projects we use for development)

good call

@CrabNejonas (Contributor Author)

Made this a compile-time check and added the config file

@CrabNejonas CrabNejonas merged commit 62a31e6 into main Nov 21, 2023
@github-actions github-actions bot mentioned this pull request Nov 30, 2023
@CrabNejonas CrabNejonas deleted the jonas/fix/client-auth branch December 5, 2023 11:01
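
Added example (not code from this pull request or the project): a std-only Rust sketch of the behaviour discussed in this thread, an exact-match check against the single trusted origin with a bypass that is fixed at compile time. Only the origin and the `UNSAFE_BYPASS_CLIENT_AUTH` name come from the thread; the function names, the "true" value check and the sample origins are assumptions.

```rust
// Added example: std-only sketch, not the project's implementation.
// From the PR: the origin string and the UNSAFE_BYPASS_CLIENT_AUTH name.
// Assumed for illustration: every function name below.

const ALLOWED_ORIGIN: &str = "https://devtools.crabnebula.dev";

/// Evaluated by rustc at build time (Cargo's `[env]` table can set it), so
/// the bypass is fixed in the binary and the runtime environment cannot
/// switch it on. Assumption: only the value "true" enables it.
fn bypass_compiled_in() -> bool {
    option_env!("UNSAFE_BYPASS_CLIENT_AUTH") == Some("true")
}

/// Weak variant shown for contrast: a prefix test also accepts any origin
/// that merely begins with the trusted string.
fn prefix_check(origin: &str) -> bool {
    origin.starts_with(ALLOWED_ORIGIN)
}

/// Value for `Access-Control-Allow-Origin`, or None to omit the header so
/// the browser refuses the cross-origin read.
fn allow_origin(request_origin: Option<&str>, bypass: bool) -> Option<String> {
    let origin = request_origin?;
    if bypass {
        return Some(origin.to_string()); // development builds only
    }
    // Browsers serialize Origin as scheme://host[:port], so an exact
    // comparison is enough and rejects lookalike hosts and plain http.
    (origin == ALLOWED_ORIGIN).then(|| ALLOWED_ORIGIN.to_string())
}

fn main() {
    // Constructed sample Origin header values.
    let samples = [
        "https://devtools.crabnebula.dev",
        "https://devtools.crabnebula.dev.lookalike.example",
        "http://devtools.crabnebula.dev",
        "http://localhost:5173",
    ];
    let bypass = bypass_compiled_in();
    for o in samples {
        println!("{o}: strict={:?} prefix={}", allow_origin(Some(o), bypass), prefix_check(o));
    }
}
```

When the echoed origin can vary between responses, as it does with the bypass enabled, a `Vary: Origin` response header keeps shared caches from serving one origin's response to another.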