authorJames E. Blair <jim@acmegating.com>2022-09-30 08:48:22 -0700
committerJames E. Blair <jim@acmegating.com>2022-10-25 20:22:40 -0700
commit95ec2c45e5cf0369f97aebe33e093698048a3fdb (patch)
tree5d177affdecf8dc0785469bd70e254fe6579371e
parentc22f2c98e0af910b5d7a58966a16741fdb53cb0b (diff)
downloadzuul-95ec2c45e5cf0369f97aebe33e093698048a3fdb.tar.gz
Set Access-Control-Allow-Origin headers in check_auth tool
Since we check authorization in every method except info now, set the headers in the check_auth tool instead of the individual methods; that way they are set even in the case of a 401. Change-Id: I397180122e03915694ba6e59b4bd3a743120ee6e
-rwxr-xr-xzuul/web/__init__.py59
1 files changed, 4 insertions, 55 deletions
diff --git a/zuul/web/__init__.py b/zuul/web/__init__.py
index eb30e1d28..e9cff38d1 100755
--- a/zuul/web/__init__.py
+++ b/zuul/web/__init__.py
@@ -210,6 +210,7 @@ def _check_auth(require_admin=False, require_auth=False, tenant=None):
def check_root_auth(**kw):
"""Use this for root-level (non-tenant) methods"""
+ cherrypy.response.headers['Access-Control-Allow-Origin'] = '*'
request = cherrypy.serving.request
if request.handler is None:
# handle_options has already aborted the request.
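Review bot: The wildcard `Access-Control-Allow-Origin` assignment at the top of `check_root_auth` (and again at the top of `check_tenant_auth` in the next hunk) now also covers the admin-gated and 401 paths, but nothing records why `*` is acceptable there. A comment next to it would help, for example `# '*' is acceptable only because auth is a bearer token in the Authorization header; never combine with Access-Control-Allow-Credentials`. Presumably that is the model here, but the token handling is outside these hunks, so please confirm. Because the same line is duplicated in both tools, a small shared helper would keep the policy in one place if it is ever narrowed to an allow-list. Both function bodies continue past their hunks.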
@@ -219,6 +220,7 @@ def check_root_auth(**kw):
def check_tenant_auth(**kw):
"""Use this for tenant-scoped methods"""
+ cherrypy.response.headers['Access-Control-Allow-Origin'] = '*'
request = cherrypy.serving.request
zuulweb = request.app.root
if request.handler is None:
@@ -537,8 +539,6 @@ class ZuulWebAPI(object):
project.name, body.get('change', None), body.get('ref', None))
self.zuulweb.pipeline_management_events[tenant_name][
pipeline_name].put(event)
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
else:
raise cherrypy.HTTPError(400, 'Invalid request body')
return True
@@ -583,8 +583,6 @@ class ZuulWebAPI(object):
self.zuulweb.pipeline_management_events[tenant.name][
pipeline.name].put(event)
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return True
def _enqueue_ref(self, tenant, project, pipeline, ref, oldrev, newrev):
@@ -595,8 +593,6 @@ class ZuulWebAPI(object):
self.zuulweb.pipeline_management_events[tenant.name][
pipeline.name].put(event)
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return True
@cherrypy.expose
@@ -626,8 +622,6 @@ class ZuulWebAPI(object):
self.zuulweb.pipeline_management_events[tenant_name][
pipeline_name].put(event)
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return True
@cherrypy.expose
@@ -686,8 +680,6 @@ class ZuulWebAPI(object):
self._autohold(tenant_name, project_name, jbody['job'], ref_filter,
jbody['reason'], jbody['count'],
jbody['node_hold_expiration'])
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return True
def _autohold(self, tenant_name, project_name, job_name, ref_filter,
@@ -744,8 +736,6 @@ class ZuulWebAPI(object):
'nodes': request.nodes,
})
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return result
@cherrypy.expose
@@ -754,8 +744,6 @@ class ZuulWebAPI(object):
@cherrypy.tools.check_tenant_auth()
def autohold_get(self, tenant_name, tenant, auth, request_id):
request = self._getAutoholdRequest(tenant_name, request_id)
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return {
'id': request.id,
'tenant': request.tenant,
@@ -892,11 +880,12 @@ class ZuulWebAPI(object):
def _handleInfo(self, info):
ret = {'info': info.toDict()}
resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
if self.static_cache_expiry:
resp.headers['Cache-Control'] = "public, max-age=%d" % \
self.static_cache_expiry
resp.last_modified = self.zuulweb.start_time
+ # We don't wrap info methods with check_auth
+ resp.headers['Access-Control-Allow-Origin'] = '*'
return ret
def _isAuthorized(self, tenant, claims):
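Review bot: The new comment in `_handleInfo` says only that info methods are not wrapped with check_auth, which does not tell a reader that the check_auth tools are now the only other place this header is set. I would word it as `# Info endpoints skip check_root_auth/check_tenant_auth, which set this header for every other method, so set it here.` Any exposed handler added later without one of those tools will return no `Access-Control-Allow-Origin` at all. A test asserting the header on each route, including a 401 response, would catch that regression.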
@@ -968,8 +957,6 @@ class ZuulWebAPI(object):
@cherrypy.tools.handle_options()
@cherrypy.tools.check_tenant_auth(require_auth=True)
def tenant_authorizations(self, tenant_name, tenant, auth):
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return {'zuul': {'admin': auth.admin,
'scope': [tenant_name, ]}, }
@@ -1010,7 +997,6 @@ class ZuulWebAPI(object):
)
last_modified_header = last_modified.strftime('%a, %d %b %Y %X GMT')
resp.headers["Last-modified"] = last_modified_header
- resp.headers['Access-Control-Allow-Origin'] = '*'
return self.tenants_cache
@cherrypy.expose
@@ -1020,8 +1006,6 @@ class ZuulWebAPI(object):
def connections(self, auth):
ret = [s.connection.toDict()
for s in self.zuulweb.connections.getSources()]
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return ret
@cherrypy.expose
@@ -1038,8 +1022,6 @@ class ZuulWebAPI(object):
"version": comp.version,
}
ret.setdefault(kind, []).append(comp_json)
- resp = cherrypy.response
- resp.headers["Access-Control-Allow-Origin"] = "*"
return ret
def _getStatus(self, tenant):
@@ -1071,7 +1053,6 @@ class ZuulWebAPI(object):
)
last_modified_header = last_modified.strftime('%a, %d %b %Y %X GMT')
resp.headers["Last-modified"] = last_modified_header
- resp.headers['Access-Control-Allow-Origin'] = '*'
resp.headers['Content-Type'] = 'application/json; charset=utf-8'
return payload
@@ -1185,8 +1166,6 @@ class ZuulWebAPI(object):
job_output["tags"] = list(tags)
result.append(job_output)
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return result
@cherrypy.expose
@@ -1200,8 +1179,6 @@ class ZuulWebAPI(object):
'error': e.error}
for e in tenant.layout.loading_errors.errors
]
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return ret
@cherrypy.expose
@@ -1217,8 +1194,6 @@ class ZuulWebAPI(object):
for job in job_variants:
result.append(job.toDict(tenant))
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return result
@cherrypy.expose
@@ -1237,8 +1212,6 @@ class ZuulWebAPI(object):
pobj['type'] = "untrusted"
result.append(pobj)
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return sorted(result, key=lambda project: project["name"])
@cherrypy.expose
@@ -1269,8 +1242,6 @@ class ZuulWebAPI(object):
config['pipelines'].append(pipeline)
result['configs'].append(config)
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return result
@cherrypy.expose
@@ -1294,8 +1265,6 @@ class ZuulWebAPI(object):
})
ret.append({"name": pipeline, "triggers": triggers})
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return ret
@cherrypy.expose
@@ -1312,8 +1281,6 @@ class ZuulWebAPI(object):
launcher.supported_labels,
allowed_labels, disallowed_labels))
ret = [{'name': label} for label in sorted(labels)]
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return ret
@cherrypy.expose
@@ -1339,8 +1306,6 @@ class ZuulWebAPI(object):
"provider", "state", "state_time", "comment"):
node_data[key] = getattr(node, key, None)
ret.append(node_data)
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return ret
@cherrypy.expose
@@ -1352,7 +1317,6 @@ class ZuulWebAPI(object):
key = encryption.serialize_rsa_public_key(project.public_secrets_key)
resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
resp.headers['Content-Type'] = 'text/plain'
return key
@@ -1365,7 +1329,6 @@ class ZuulWebAPI(object):
key = f"{project.public_ssh_key}\n"
resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
resp.headers['Content-Type'] = 'text/plain'
return key
@@ -1475,8 +1438,6 @@ class ZuulWebAPI(object):
complete=complete, limit=limit, offset=skip, idx_min=_idx_min,
idx_max=_idx_max, exclude_result=exclude_result)
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return [self.buildToDict(b, b.buildset) for b in builds]
@cherrypy.expose
@@ -1491,8 +1452,6 @@ class ZuulWebAPI(object):
if not data:
raise cherrypy.HTTPError(404, "Build not found")
data = self.buildToDict(data[0], data[0].buildset)
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return data
def buildsetToDict(self, buildset, builds=[]):
@@ -1576,8 +1535,6 @@ class ZuulWebAPI(object):
newrev=newrev, uuid=uuid, result=result, complete=complete,
limit=limit, offset=skip, idx_min=_idx_min, idx_max=_idx_max)
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return [self.buildsetToDict(b) for b in buildsets]
@cherrypy.expose
@@ -1592,8 +1549,6 @@ class ZuulWebAPI(object):
if not data:
raise cherrypy.HTTPError(404, "Buildset not found")
data = self.buildsetToDict(data, data.builds)
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return data
@cherrypy.expose
@@ -1631,8 +1586,6 @@ class ZuulWebAPI(object):
'other_tenants': other_tenants},
}
result.append(sem_out)
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return result
@cherrypy.expose
@@ -1669,8 +1622,6 @@ class ZuulWebAPI(object):
})
ret = output
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return ret
@cherrypy.expose
@@ -1715,8 +1666,6 @@ class ZuulWebAPI(object):
params['secret_vars'] = job.secret_parent_data
ret = params
- resp = cherrypy.response
- resp.headers['Access-Control-Allow-Origin'] = '*'
return ret
def _freeze_jobs(self, tenant, pipeline_name, project_name,