Page MenuHomePhabricator

[identity] validate origins provided through env var
ClosedPublic

Authored by varun on Mar 5 2024, 3:21 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 12, 10:50 AM
Unknown Object (File)
Tue, Nov 12, 10:00 AM
Unknown Object (File)
Tue, Nov 12, 8:39 AM
Unknown Object (File)
Tue, Nov 12, 4:27 AM
Unknown Object (File)
Oct 31 2024, 9:26 PM
Unknown Object (File)
Oct 10 2024, 12:16 PM
Unknown Object (File)
Oct 10 2024, 12:16 PM
Unknown Object (File)
Oct 10 2024, 12:15 PM
Subscribers

Details

Summary

quick follow up to ENG-6926. the HeaderValue::from_str function takes pretty much any ascii string, but we should validate these strings first to make sure we have the right format in terraform, where we set the value of ALLOW_ORIGIN_LIST

we already use the url crate in shared/backup_client and services/commtest

Test Plan

unit tests, tested that other schemes like ftp and missing ports don't work on staging

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage