fix: Add escape to headers and check API URL #3710

Merged
merged 4 commits into from
Feb 18, 2025

@OliwiaGowor OliwiaGowor commented Feb 17, 2025

Description

Changes proposed in this pull request:

  • validate that the x-cluster-url header is a valid URL
  • encode error and log outputs
  • send error responses with a Content-Type of text/plain

Related issue(s)

Definition of done

  • The PR's title starts with one of the following prefixes:
    • feat: A new feature
    • fix: A bug fix
    • docs: Documentation only changes
    • refactor: A code change that neither fixes a bug nor adds a feature
    • test: Adding tests
    • revert: Revert commit
    • chore: Maintenance changes to the build process or auxiliary tools, libraries, workflows, etc.
  • Related issues are linked. To link internal trackers, use the issue IDs like backlog#4567
  • Explain clearly why you created the PR and what changes it introduces
  • All necessary steps are delivered, for example, tests, documentation, merging
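
The three changes listed in the description above, sketched as an added example that is not code from this pull request or the project. The helper names, the 400 status, the length cap and the stand-in response object are assumptions made for illustration.

```javascript
// Added example; helper names are hypothetical, not the project's.

// Accept only an absolute http(s) URL with no embedded credentials.
// The 2048-character cap is an assumed limit.
function parseClusterUrl(headerValue) {
  if (typeof headerValue !== 'string' || headerValue.length > 2048) return null;
  let url;
  try {
    url = new URL(headerValue);
  } catch {
    return null; // not an absolute URL
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  if (url.username || url.password) return null;
  return url;
}

// Encode a value before it reaches a log line or an error body:
// HTML metacharacters become entities, CR/LF become visible escapes.
function encodeForOutput(value) {
  return String(value)
    .replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`)
    .replace(/\r/g, '\\r')
    .replace(/\n/g, '\\n');
}

// Returns the validated origin, or null after answering 400 in plain text.
// The header is set before the body is written.
function resolveTarget(req, res) {
  const raw = req.headers['x-cluster-url'];
  const url = parseClusterUrl(raw);
  if (url) return url.origin;
  res.statusCode = 400;
  res.setHeader('Content-Type', 'text/plain');
  res.end('Invalid x-cluster-url: ' + encodeForOutput(raw));
  return null;
}

// Constructed stand-in for http.ServerResponse so the example runs offline.
function fakeRes() {
  return {
    statusCode: 200,
    headers: {},
    body: '',
    setHeader(name, value) { this.headers[name.toLowerCase()] = value; },
    end(body) { this.body = body; },
  };
}
```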

@kyma-bot kyma-bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. cla: yes Indicates the PR's author has signed the CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 17, 2025
@OliwiaGowor OliwiaGowor marked this pull request as ready for review February 17, 2025 11:25
@kyma-bot kyma-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 17, 2025
@kyma-bot kyma-bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 17, 2025
@@ -120,7 +124,10 @@ export const makeHandleRequest = () => {

function throwInternalServerError(originalError) {
req.log.warn(originalError);
res.status(502).send('Request ID: ' + req.id);
res.setHeader('Content-Type', 'text/plain');
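
Review bot: in throwInternalServerError, res.setHeader('Content-Type', 'text/plain') appears after res.status(502).send(...), and send() already writes the headers and ends the response, so a header set at that point cannot reach the client. If this is the final order, move the header call above the send or chain it, for example res.status(502).contentType('text/plain').send('Request ID: ' + req.id). The rendered hunk has lost its +/- markers, so if the send line shown is the removed side, please confirm that the new send comes after the header call.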

Suggested change
res.setHeader('Content-Type', 'text/plain');
res.contentType('text/plain');

Comment on lines 51 to 53
apiServerAddress: req.headers['x-cluster-url']
? escape(req.headers['x-cluster-url'])
: undefined,
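
Review bot: on the apiServerAddress line, the escaped copy of x-cluster-url is stored under a name that reads like a usable address, and an escape step can change characters that are legal in a URL. If this field is only ever written to logs or error text, a short comment saying so would help; if it is read anywhere else, keep the validated URL here and apply escape at the point where the value is written out. The check that the header is a valid URL, mentioned in the description, is not visible in these lines, so it is worth confirming that it runs before this value is used.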

Suggested change
apiServerAddress: req.headers['x-cluster-url']
? escape(req.headers['x-cluster-url'])
: undefined,
apiServerAddress: escape(req.headers['x-cluster-url'])

Isn't it enough?

@kyma-bot kyma-bot added the lgtm Looks good to me! label Feb 18, 2025
@dbadura dbadura enabled auto-merge (squash) February 18, 2025 14:36
@dbadura dbadura merged commit 779eb6d into kyma-project:main Feb 18, 2025
15 checks passed