Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 2.x] Support dynamic CSP rules to mitigate clickjacking #6101

Merged
merged 1 commit into from
Mar 9, 2024
Merged

[Backport 2.x] Support dynamic CSP rules to mitigate clickjacking #6101

merged 1 commit into from
Mar 9, 2024

Conversation

opensearch-trigger-bot[bot]
Copy link
Contributor

Backport 58fb588 from #5641.

@github-actions
Support dynamic CSP rules to mitigate clickjacking (#5641)
881668a 
* support dynamic csp rules to mitigate clickjacking

Signed-off-by: Tianle Huang <[email protected]>

* add unit tests for the provider class

Signed-off-by: Tianle Huang <[email protected]>

* move request handler to its own class

Signed-off-by: Tianle Huang <[email protected]>

* add license headers

Signed-off-by: Tianle Huang <[email protected]>

* fix failed unit tests

Signed-off-by: Tianle Huang <[email protected]>

* add unit tests for the handler

Signed-off-by: Tianle Huang <[email protected]>

* add content to read me

Signed-off-by: Tianle Huang <[email protected]>

* fix test error

Signed-off-by: Tianle Huang <[email protected]>

* update readme

Signed-off-by: Tianle Huang <[email protected]>

* update CHANGELOG.md

Signed-off-by: Tianle Huang <[email protected]>

* update snap tests

Signed-off-by: Tianle Huang <[email protected]>

* update snapshots

Signed-off-by: Tianle Huang <[email protected]>

* fix a wrong import

Signed-off-by: Tianle Huang <[email protected]>

* undo changes in listing snap

Signed-off-by: Tianle Huang <[email protected]>

* improve wording

Signed-off-by: Tianle Huang <[email protected]>

* set client after default client is created

Signed-off-by: Tianle Huang <[email protected]>

* update return value and add a unit test

Signed-off-by: Tianle Huang <[email protected]>

* remove unnecessary dependency

Signed-off-by: Tianle Huang <[email protected]>

* make the name of the index configurable

Signed-off-by: Tianle Huang <[email protected]>

* expose APIs and update file structures

Signed-off-by: Tianle Huang <[email protected]>

* add header

Signed-off-by: Tianle Huang <[email protected]>

* fix link error

Signed-off-by: Tianle Huang <[email protected]>

* fix link error

Signed-off-by: Tianle Huang <[email protected]>

* add more unit tests

Signed-off-by: Tianle Huang <[email protected]>

* add more unit tests

Signed-off-by: Tianle Huang <[email protected]>

* update api path

Signed-off-by: Tianle Huang <[email protected]>

* remove logging

Signed-off-by: Tianle Huang <[email protected]>

* update path

Signed-off-by: Tianle Huang <[email protected]>

* rename index name

Signed-off-by: Tianle Huang <[email protected]>

* update wording

Signed-off-by: Tianle Huang <[email protected]>

* make the new plugin disabled by default

Signed-off-by: Tianle Huang <[email protected]>

* do not update defaults to avoid breaking change

Signed-off-by: Tianle Huang <[email protected]>

* update readme to reflect new API path

Signed-off-by: Tianle Huang <[email protected]>

* update handler to append frame-ancestors conditionally

Signed-off-by: Tianle Huang <[email protected]>

* update readme

Signed-off-by: Tianle Huang <[email protected]>

* clean up code to prepare for application config

Signed-off-by: Tianle Huang <[email protected]>

* reset change log

Signed-off-by: Tianle Huang <[email protected]>

* reset change log again

Signed-off-by: Tianle Huang <[email protected]>

* update accordingly to new changes in applicationConfig

Signed-off-by: Tianle Huang <[email protected]>

* update changelog

Signed-off-by: Tianle Huang <[email protected]>

* rename to a new plugin name

Signed-off-by: Tianle Huang <[email protected]>

* rename

Signed-off-by: Tianle Huang <[email protected]>

* rename more

Signed-off-by: Tianle Huang <[email protected]>

* sync changelog from main

Signed-off-by: Tianle Huang <[email protected]>

* onboard to app config

Signed-off-by: Tianle Huang <[email protected]>

* fix comment

Signed-off-by: Tianle Huang <[email protected]>

* update yml

Signed-off-by: Tianle Huang <[email protected]>

* update readme

Signed-off-by: Tianle Huang <[email protected]>

* update change log

Signed-off-by: Tianle Huang <[email protected]>

* call out single quotes in readme

Signed-off-by: Tianle Huang <[email protected]>

* update yml

Signed-off-by: Tianle Huang <[email protected]>

* update default

Signed-off-by: Tianle Huang <[email protected]>

* add reference link

Signed-off-by: Tianle Huang <[email protected]>

* update js doc

Signed-off-by: Tianle Huang <[email protected]>

* rename

Signed-off-by: Tianle Huang <[email protected]>

* use new name

Signed-off-by: Tianle Huang <[email protected]>

* redo changelog update

Signed-off-by: Tianle Huang <[email protected]>

* remove link

Signed-off-by: Tianle Huang <[email protected]>

* better name

Signed-off-by: Tianle Huang <[email protected]>

---------

Signed-off-by: Tianle Huang <[email protected]>
(cherry picked from commit 58fb588)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot opensearch-trigger-bot bot added the autocut Skip the changelog verification check on backports label Mar 8, 2024
@codecov Codecov
Copy link

codecov bot commented Mar 8, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 67.13%. Comparing base (8ccc90e) to head (881668a).

Additional details and impacted files 
@@            Coverage Diff             @@
##              2.x    #6101      +/-   ##
==========================================
+ Coverage   67.12%   67.13%   +0.01%     
==========================================
  Files        3314     3315       +1     
  Lines       63875    63895      +20     
  Branches    10186    10189       +3     
==========================================
+ Hits        42877    42897      +20     
  Misses      18525    18525              
  Partials     2473     2473
Flag Coverage Δ
Linux_1 35.21% <ø> (ø)
Linux_2 55.12% <ø> (ø)
Linux_3 44.69% <100.00%> (+0.01%) ⬆️
Linux_4 35.32% <ø> (ø)
Windows_1 35.23% <ø> (ø)
Windows_2 55.09% <ø> (ø)
Windows_3 44.72% <100.00%> (+0.04%) ⬆️
Windows_4 35.32% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@bandinib-amzn bandinib-amzn merged commit b338dc9 into 2.x Mar 9, 2024
86 of 87 checks passed
@github-actions github-actions bot deleted the backport/backport-5641-to-2.x branch March 9, 2024 00:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BionIT BionIT BionIT approved these changes

@bandinib-amzn bandinib-amzn bandinib-amzn approved these changes

@xinruiba xinruiba xinruiba approved these changes

@ananzh ananzh Awaiting requested review from ananzh ananzh is a code owner

@kavilla kavilla Awaiting requested review from kavilla kavilla is a code owner

@AMoo-Miki AMoo-Miki Awaiting requested review from AMoo-Miki AMoo-Miki is a code owner

@ashwin-pc ashwin-pc Awaiting requested review from ashwin-pc ashwin-pc is a code owner

@joshuarrrr joshuarrrr Awaiting requested review from joshuarrrr joshuarrrr is a code owner

@abbyhu2000 abbyhu2000 Awaiting requested review from abbyhu2000 abbyhu2000 is a code owner

@zengyan-amazon zengyan-amazon Awaiting requested review from zengyan-amazon zengyan-amazon is a code owner

@kristenTian kristenTian Awaiting requested review from kristenTian

@zhongnansu zhongnansu Awaiting requested review from zhongnansu zhongnansu is a code owner

@manasvinibs manasvinibs Awaiting requested review from manasvinibs manasvinibs is a code owner

@ZilongX ZilongX Awaiting requested review from ZilongX ZilongX is a code owner

@Flyingliuhub Flyingliuhub Awaiting requested review from Flyingliuhub Flyingliuhub is a code owner

@BSFishy BSFishy Awaiting requested review from BSFishy

@curq curq Awaiting requested review from curq curq is a code owner

@SuZhou-Joe SuZhou-Joe Awaiting requested review from SuZhou-Joe SuZhou-Joe is a code owner

@ruanyl ruanyl Awaiting requested review from ruanyl ruanyl is a code owner

Assignees
No one assigned
Labels
autocut Skip the changelog verification check on backports v2.13.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@BionIT @bandinib-amzn @xinruiba