Mirroristas/bigchaindb
2
0
Fork 0
mirror of https://github.com/bigchaindb/bigchaindb.git synced 2024-10-13 13:34:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix getstarted undefined referrer issue with IPDB (#1866)

Browse Source 
Skip Referer check on preflight request (OPTIONS) and set Referrer-Policy to origin-when-cross-origin in response to OPTIONS request. Once Referrer-Policy is set on the subsequent POST request referrer is set by the browser to expected value.
This commit is contained in:
Shahbaz Nazir 2017-11-17 20:35:57 +01:00 committed by GitHub
parent f53eb1e3e7
commit bc4f8fcab5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 19 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
k8s/nginx-https-web-proxy/container/docker_build_and_push.bash
View File

@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
docker build -t bigchaindb/nginx-https-web-proxy:0.10 . docker build -t bigchaindb/nginx-https-web-proxy:0.12 .
docker push bigchaindb/nginx-https-web-proxy:0.10 docker push bigchaindb/nginx-https-web-proxy:0.12

13
k8s/nginx-https-web-proxy/container/nginx.conf.template
View File

@ -90,12 +90,6 @@ http {
end end
} }
# check if the request originated from the required web page
# use referer header.
if ($http_referer !~ "PROXY_EXPECTED_REFERER_HEADER" ) {
return 403 'Unknown referer';
}
# check if the request has the expected origin header # check if the request has the expected origin header
if ($http_origin !~ "PROXY_EXPECTED_ORIGIN_HEADER" ) { if ($http_origin !~ "PROXY_EXPECTED_ORIGIN_HEADER" ) {
return 403 'Unknown origin'; return 403 'Unknown origin';
@ -108,9 +102,16 @@ http {
add_header 'Access-Control-Max-Age' 43200; add_header 'Access-Control-Max-Age' 43200;
add_header 'Content-Type' 'text/plain charset=UTF-8'; add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0; add_header 'Content-Length' 0;
add_header 'Referrer-Policy' "PROXY_REFERRER_POLICY";
return 204; return 204;
} }
# check if the request originated from the required web page
# use referer header.
if ($http_referer !~ "PROXY_EXPECTED_REFERER_HEADER" ) {
return 403 'Unknown referer';
}
# No auth for GETs, forward directly to BDB. # No auth for GETs, forward directly to BDB.
if ($request_method = GET) { if ($request_method = GET) {
proxy_pass http://$bdb_backend:BIGCHAINDB_API_PORT; proxy_pass http://$bdb_backend:BIGCHAINDB_API_PORT;

5
k8s/nginx-https-web-proxy/nginx-https-web-proxy-conf.yaml
View File

@ -49,6 +49,11 @@ data:
# are available to external clients. # are available to external clients.
proxy-frontend-port: "4443" proxy-frontend-port: "4443"
# proxy-referrer-policy defines the expected behaviour from
# browser while setting the referer header in the HTTP requests to the
# proxy service.
proxy-referrer-policy: "origin-when-cross-origin"
# expected-http-referer is the expected regex expression of the Referer # expected-http-referer is the expected regex expression of the Referer
# header in the HTTP requests to the proxy. # header in the HTTP requests to the proxy.
# The default below accepts the referrer value to be *.bigchaindb.com # The default below accepts the referrer value to be *.bigchaindb.com

5
k8s/nginx-https-web-proxy/nginx-https-web-proxy-dep.yaml
View File

@ -25,6 +25,11 @@ spec:
configMapKeyRef: configMapKeyRef:
name: proxy-vars name: proxy-vars
key: proxy-frontend-port key: proxy-frontend-port
- name: PROXY_REFERRER_POLICY
valueFrom:
configMapKeyRef:
name: proxy-vars
key: proxy-referrer-policy
- name: PROXY_EXPECTED_REFERER_HEADER - name: PROXY_EXPECTED_REFERER_HEADER
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef: