temp

raft-tech · Oct 16, 2023 · 36cc7ce · 36cc7ce
1 parent 489d074
commit 36cc7ce
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 47 deletions.
diff --git a/scripts/zap-scanner.sh b/scripts/zap-scanner.sh
@@ -19,7 +19,7 @@ if [ "$ENVIRONMENT" = "nightly" ]; then
     fi
 elif [ "$ENVIRONMENT" = "circle" ] || [ "$ENVIRONMENT" = "local" ]; then
     if [ "$TARGET" = "frontend" ]; then
-        APP_URL="https://tdp-frontend-raft.app.cloud.gov"
+        APP_URL="https://tdp-frontend-raft.app.cloud.gov/"
     elif [ "$TARGET" = "backend" ]; then
         APP_URL="http://tdp-frontend/"
     else
@@ -40,7 +40,7 @@ cd "$TARGET_DIR" || exit 2
 
 
 if [[ $(docker network inspect external-net 2>&1 | grep -c Scope) == 0 ]]; then 
-    docker network create external-net
+docker network create external-net
 fi
 
 # Ensure the APP_URL is reachable from the zaproxy container

diff --git a/tdrs-backend/tdpservice/middleware.py b/tdrs-backend/tdpservice/middleware.py
@@ -2,7 +2,9 @@
 from django.utils.cache import add_never_cache_headers
 from django.conf import settings
 from django.contrib.sessions.middleware import SessionMiddleware
+import logging
 
+logger = logging.getLogger(__name__)
 class NoCacheMiddleware(object):
     """Disable client caching with a Cache-Control header."""
 
@@ -11,7 +13,10 @@ def __init__(self, get_response):
 
     def __call__(self, request):
         """Add appropriate headers to the response before sending it out."""
+        logger.debug("____________________Adding no cache headers to response")
         response = self.get_response(request)
+        response["Access-Control-Allow-Credentials"] = "true"
+        response["Access-Control-Allow-Origin"] = ""
         add_never_cache_headers(response)
         return response
 

diff --git a/tdrs-frontend/.env.development b/tdrs-frontend/.env.development
@@ -40,47 +40,3 @@ REACT_APP_EVENT_THROTTLE_TIME=60000
 #  @import '../../theme/_global.scss';
 # Without the variable, only the relative import is possible
 SASS_PATH=node_modules:src
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
-REACT_APP_BACKEND_URL=https://local.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://local.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://local.app.cloud.gov
-REACT_APP_CF_SPACE=
-REACT_APP_BACKEND_URL=https://local.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://local.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://local.app.cloud.gov
-REACT_APP_CF_SPACE=
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
diff --git a/tdrs-frontend/docker-compose.yml b/tdrs-frontend/docker-compose.yml
@@ -3,12 +3,13 @@ services:
   zaproxy:
     image: owasp/zap2docker-stable:2.13.0
     container_name: zap-scan
-    command: sleep 3600
+    command: sleep 13600
     ports:
       - 8090:8090
     networks:
       - local
     volumes:
+      - ../scripts:/zap/scripts/:rw
       - ./reports:/zap/wrk/:rw
       - ../scripts/zap-hook.py:/zap/scripts/zap-hook.py:ro
   tdp-frontend:

diff --git a/tdrs-frontend/nginx/cloud.gov/locations.conf b/tdrs-frontend/nginx/cloud.gov/locations.conf
@@ -19,6 +19,10 @@ location ~ ^/(v1|admin|static/admin|swagger|redocs) {
         add_header Access-Control-Allow-Origin 's3-us-gov-west-1.amazonaws.com';
 }
 
+if ($request_method ~ ^(PATCH|TRACE)$) { 
+			return 405; 
+}
+
 location = /profile {
     index index.html index.htm;
     try_files $uri $uri/ /index.html;