Skip to content
This repository was archived by the owner on Sep 8, 2025. It is now read-only.

Block api calls to other sites - related ticket https://trello.com/c/… #341

Merged
nlsvgtr merged 14 commits into from
Aug 22, 2022
Merged

Block api calls to other sites - related ticket https://trello.com/c/… #341

nlsvgtr merged 14 commits into from
Aug 22, 2022

Conversation

@nlsvgtr
Copy link
Contributor

@nlsvgtr nlsvgtr commented May 18, 2022

Description

The frontend proxies requests to the API server. Currently that proxy can be used to send API requests for other websites then the current. That should not be so.

Fixes issue

https://trello.com/c/zRxVliEP

Type of change

Bugfix

Documentation

N/A

Tests

Only locally

nlsvgtr and others added 9 commits February 3, 2022 13:41
@nlsvgtr
Block api calls to other sites - related ticket https://trello.com/c/…
4e93863 
…zRxVliEP
@nlsvgtr
Turn on inline authentication in participatory-budgeting-widget
c2c84eb
@nlsvgtr
Add form fields
8667eaf
@nlsvgtr
Use direct links to fettch iamegs in filepond
27053c5
@nlsvgtr
Fix typo
16d8c94
@rudivanhierden
Update node to 16.16 & run npm update
56162e5 
Due to an update in the default repositories in the underlying `alpine` image, `python` no longer refers to the correct version for our build. Changing it to `python3` will allow the build to complete succesfully.

Ideally we'd update to version 18 straight away, but that seems a bit less straightforward. Updating to version 16 (which has security support until september 11th 2023) buys us time to come up with a good strategy to upgrade further.
@nlsvgtr
npm audit fix
045b8d2
@rudivanhierden
Merge pull request openstad#351 from openstad/feature/update-node-16
afb003b 
Update node to 16.16 & run `npm update`
@nlsvgtr
Merge pull request openstad#352 from Amsterdam/codeimprovement/npm-au…
6cf5ecf 
…dit-fix

Codeimprovement/npm audit fix
@nlsvgtr nlsvgtr requested a review from Badmuts August 16, 2022 10:18
Badmuts
Badmuts reviewed Aug 22, 2022
View reviewed changes
packages/cms/lib/modules/api-proxy/index.js Outdated

const siteId = req.data.global.siteId;
let path = req.path;
let match = path.match(/\/api\/site\/(\d+)\//);
Copy link
Contributor

@Badmuts Badmuts Aug 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be better to make the latest slash optional so it also matches this record:

/api/site/12

Regex: \/api\/site\/(\d+)\/?

Copy link
Contributor Author

@nlsvgtr nlsvgtr Aug 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point. Fixed.

nlsvgtr added 5 commits August 22, 2022 14:08
@nlsvgtr
Merge pull request openstad#339 from Amsterdam/codeimprovement/skip-i…
12af2be 
…mage-proxy-for-loading

Use direct links to fetch images in filepond
@nlsvgtr
Merge pull request openstad#332 from Amsterdam/feature/authentication…
aa8c321 
…-in-participatory-budgeting-widget

Turn on inline authentication in participatory-budgeting-widget
@nlsvgtr
Block api calls to other sites - related ticket https://trello.com/c/…
360d57d 
…zRxVliEP
@nlsvgtr
Optional trailing slash
0ee71a3
@nlsvgtr
Merge branch 'bugfix/block-api-calls-to-other-sites' of github.com:Am…
6e44f61 
…sterdam/openstad-frontend into bugfix/block-api-calls-to-other-sites
@nlsvgtr nlsvgtr merged commit f662f6e into openstad:development Aug 22, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@Badmuts Badmuts Badmuts approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nlsvgtr @Badmuts @rudivanhierden