@bigmstone
Contributor

2.9.3 patch for CORS security fix.

Prior to this commit if you sent a request from an origin not listed in
`allowed_origins` we would respond with `null` for the
`Access-Control-Allow-Origin` header. Per
[Mozilla's documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin#Directives)
null should not be used as some clients will allow the request to go
through. This commit returns the first of our allowed origins if the
requesting origin is not a supported origin.
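
The header choice described above, next to a simplified client-side check, as an added example that is not part of this PR or StackStorm's code. The function names, the sample origins and the reduced browser check are assumptions made for illustration.

```python
# Added illustration; not StackStorm's code. Names and sample origins are constructed.

def acao_before(request_origin, allowed_origins):
    """Behaviour described as 'prior to this commit': unlisted origin -> 'null'."""
    if request_origin in allowed_origins:
        return request_origin
    return "null"


def acao_after(request_origin, allowed_origins):
    """Behaviour described for this commit: unlisted origin -> first allowed origin."""
    if request_origin in allowed_origins:
        return request_origin
    return allowed_origins[0]


def browser_exposes_response(request_origin, acao_value):
    """Simplified client-side CORS check (assumption): the header must be '*'
    or equal the serialized request origin exactly."""
    return acao_value == "*" or acao_value == request_origin


def evaluate(policy, allowed_origins, request_origins):
    """Return {origin: bool}: would a client expose the response to that origin?"""
    return {
        origin: browser_exposes_response(origin, policy(origin, allowed_origins))
        for origin in request_origins
    }


ALLOWED = ["https://st2.example.com", "https://ops.example.com"]  # constructed
# "null" is the Origin value a browser sends for opaque origins
# (for example a sandboxed iframe or a data: document).
SAMPLE_ORIGINS = ["https://st2.example.com", "https://other.example.net", "null"]

if __name__ == "__main__":
    for name, policy in (("before", acao_before), ("after", acao_after)):
        print(name, evaluate(policy, ALLOWED, SAMPLE_ORIGINS))
```

With the old choice, a request whose origin serializes as `null` matches the returned header; with the new choice, the header names an allowed origin that an unlisted requester cannot match.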
@Kami
Member

Kami commented Mar 6, 2019

To get the build to work I needed to remove the lint api spec target - cec76ec.

There were some weird Travis build errors (e.g. https://travis-ci.org/StackStorm/st2/jobs/502377959) due to prance trying to install a newer version of requests, which failed with a permission error that I couldn't figure out how to fix (without forking and patching prance).

I also tried to remove the Travis cache, etc. without success.

If we encounter the same issues in master in the future, we might have no choice but to temporarily fork prance until we can switch to a newer version of requests.

Another approach / workaround would also be to create a separate virtualenv just for prance. This should work fine since it's only used by the st2-lint-api-spec target.

Again, nothing worth doing for v2.9.3 (would take too much effort), but something to keep in mind if we encounter similar issues in master.

@Kami
Member

Kami commented Mar 6, 2019

I also cherry-picked the fix from #4505 to keep Travis unit tests from running 50+ minutes instead of ~15.

@Kami Kami merged commit 3a2f4bf into v2.9 Mar 6, 2019
@Kami Kami deleted the v2.9.3 branch March 6, 2019 07:34
@Kami Kami added this to the 2.9.3 milestone Mar 6, 2019