Posted to commits@allura.apache.org by gc...@apache.org on 2023/05/23 16:21:23 UTC

[allura] branch gc/8511 updated (cc1a0eb58 -> 221b69964)

This is an automated email from the ASF dual-hosted git repository.

gcruz pushed a change to branch gc/8511
in repository https://gitbox.apache.org/repos/asf/allura.git


 discard cc1a0eb58 [#8511] adding new header Referrer-Policy
     add 6ea595c6e fix rebuild-all.bash SVN replacement to match updated format
     add dc3ca63bc upgrade regex-as-re-globally for py3.11 issue
     new 221b69964 [#8511] adding new header Referrer-Policy

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (cc1a0eb58)
            \
             N -- N -- N   refs/heads/gc/8511 (221b69964)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 rebuild-all.bash | 2 +-
 requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)


[allura] 01/01: [#8511] adding new header Referrer-Policy

Posted by gc...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

gcruz pushed a commit to branch gc/8511
in repository https://gitbox.apache.org/repos/asf/allura.git

commit 221b699647860a2e2f3b56e28844c5b65acba6df
Author: Guillermo Cruz <gu...@slashdotmedia.com>
AuthorDate: Fri May 19 16:17:58 2023 -0500

    [#8511] adding new header Referrer-Policy
---
 Allura/allura/config/middleware.py     | 4 ++--
 Allura/allura/lib/custom_middleware.py | 6 ++++--
 Allura/development.ini                 | 3 +++
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/Allura/allura/config/middleware.py b/Allura/allura/config/middleware.py
index 5e42a1b06..58ee37078 100644
--- a/Allura/allura/config/middleware.py
+++ b/Allura/allura/config/middleware.py
@@ -61,7 +61,7 @@ from allura.lib.custom_middleware import RememberLoginMiddleware
 from allura.lib.custom_middleware import SetRequestHostFromConfig
 from allura.lib.custom_middleware import MingTaskSessionSetupMiddleware
 from allura.lib.custom_middleware import ContentSecurityPolicyMiddleware
-from allura.lib.custom_middleware import BrowserPermissionsPolicy
+from allura.lib.custom_middleware import SetHeadersMiddleware
 from allura.lib.custom_middleware import StatusCodeRedirect
 from allura.lib import helpers as h
 from allura.lib.utils import configure_ming
@@ -133,7 +133,7 @@ def _make_core_app(root, global_conf: dict, **app_conf):
     # CSP headers
     app = ContentSecurityPolicyMiddleware(app, config)
     # broswer permissions policy
-    app = BrowserPermissionsPolicy(app, config)
+    app = SetHeadersMiddleware(app, config)
     # Required for sessions
     app = SessionMiddleware(app, config, data_serializer=BeakerPickleSerializerWithLatin1())
     # Handle "Remember me" functionality
diff --git a/Allura/allura/lib/custom_middleware.py b/Allura/allura/lib/custom_middleware.py
index e3f130cdf..e74594aa0 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -533,8 +533,8 @@ class ContentSecurityPolicyMiddleware:
         return resp(environ, start_response)
 
 
-class BrowserPermissionsPolicy:
-    """ Sets Permissions-Policy header for iframes """
+class SetHeadersMiddleware:
+    """ Set headers """
 
     def __init__(self, app, config):
         self.app = app
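Review bot: The replacement docstring `""" Set headers """` says less than the one it replaces, and the new class name no longer tells a reader which response headers this middleware owns. Suggest naming the headers and their settings, e.g. `""" Sets Permissions-Policy, Feature-Policy and Referrer-Policy response headers from the permissions_policies, features_policies and referrer_policy config settings """`. The comment `# broswer permissions policy` above the `SetHeadersMiddleware(app, config)` call in `_make_core_app` (middleware.py) is stale for the same reason and could read `# Permissions-Policy, Feature-Policy and Referrer-Policy headers`. The class body continues outside this hunk.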
@@ -547,6 +547,8 @@ class BrowserPermissionsPolicy:
             resp.headers.add('Permissions-Policy', f"{self.config['permissions_policies']}")
         if self.config.get('features_policies', ''):
             resp.headers.add('Feature-Policy', f"{self.config['features_policies']}")
+        if self.config.get('referrer_policy'):
+            resp.headers.add('Referrer-Policy', f"{self.config['referrer_policy']}")
         return resp(environ, start_response)
 
 
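Review bot: The new `referrer_policy` branch copies the configured string into the header unchecked, so a typo or stray quoting in the ini produces a `Referrer-Policy` value that browsers do not recognise and silently ignore, leaving their default policy in force. Consider comparing the setting against the defined policy tokens once in `__init__` and logging a warning when it is not one of them. Separately, `resp.headers.add` appends rather than replaces; if `resp` is a WebOb response (not visible here) and the wrapped app already set the header, the client receives two values, which `resp.headers['Referrer-Policy'] = self.config['referrer_policy']` would avoid. The f-string wrapper around the config value is also unnecessary. The method begins outside this hunk.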
diff --git a/Allura/development.ini b/Allura/development.ini
index b9389c43a..20fe654d7 100644
--- a/Allura/development.ini
+++ b/Allura/development.ini
@@ -356,6 +356,9 @@ features_policies = microphone 'none'; geolocation 'none'; camera 'none'; paymen
 ; Replacement of Feature Policy
 permissions_policies = microphone=(), geolocation=(), camera=(), payment=(), document-domain=(), display-capture=(), autoplay=()
 
+; Referrer Policy
+referrer_policy = 'origin'
+
 ; SCM settings for local development
 ; If you set up services for Git, SVN, or Hg that run on https://, ssh://, git:// etc, you can show corresponding
 ; checkout commands by adding new entries to these lists.   Each one needs a name/key/title as shown below.
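Review bot: The quotes in `referrer_policy = 'origin'` will most likely end up in the response, because INI parsers normally keep quote characters as part of the value and the middleware emits the setting verbatim. The header would then be `Referrer-Policy: 'origin'`, which is not a valid policy token, so browsers would ignore it. Write the value unquoted: `referrer_policy = origin`. The quotes in `features_policies` above are part of the Feature-Policy syntax itself, which may be where the style was carried over from. Note also that `origin` still sends the origin on HTTPS-to-HTTP downgrades; `strict-origin` or `strict-origin-when-cross-origin` avoids that if it matters for this deployment.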