From 36cc7ce0cbefde0a4f5663b8edc16b0ce2ad46d4 Mon Sep 17 00:00:00 2001
From: Mo Sohani
Date: Mon, 16 Oct 2023 13:00:39 -0400
Subject: [PATCH] temp
---
 scripts/zap-scanner.sh | 4 +-
 tdrs-backend/tdpservice/middleware.py | 5 +++
 tdrs-frontend/.env.development | 44 --------------------
 tdrs-frontend/docker-compose.yml | 3 +-
 tdrs-frontend/nginx/cloud.gov/locations.conf | 4 ++
 5 files changed, 13 insertions(+), 47 deletions(-)
diff --git a/scripts/zap-scanner.sh b/scripts/zap-scanner.sh
index 1461fd6a83..7a65e1b160 100755
--- a/scripts/zap-scanner.sh
+++ b/scripts/zap-scanner.sh
@@ -19,7 +19,7 @@ if [ "$ENVIRONMENT" = "nightly" ]; then
 fi
 elif [ "$ENVIRONMENT" = "circle" ] || [ "$ENVIRONMENT" = "local" ]; then
 if [ "$TARGET" = "frontend" ]; then
- APP_URL="https://tdp-frontend-raft.app.cloud.gov"
+ APP_URL="https://tdp-frontend-raft.app.cloud.gov/"
 elif [ "$TARGET" = "backend" ]; then
 APP_URL="http://tdp-frontend/"
 else
@@ -40,7 +40,7 @@ cd "$TARGET_DIR" || exit 2
 if [[ $(docker network inspect external-net 2>&1 | grep -c Scope) == 0 ]]; then
- docker network create external-net
+docker network create external-net
 fi
 # Ensure the APP_URL is reachable from the zaproxy container
diff --git a/tdrs-backend/tdpservice/middleware.py b/tdrs-backend/tdpservice/middleware.py
index 92f7bc6658..81681e1909 100644
--- a/tdrs-backend/tdpservice/middleware.py
+++ b/tdrs-backend/tdpservice/middleware.py
@@ -2,7 +2,9 @@
 from django.utils.cache import add_never_cache_headers
 from django.conf import settings
 from django.contrib.sessions.middleware import SessionMiddleware
+import logging
+logger = logging.getLogger(__name__)
 class NoCacheMiddleware(object):
 """Disable client caching with a Cache-Control header."""
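Review bot: `import logging` is added below the three Django imports in the middleware.py hunk; PEP 8 groups standard-library imports before third-party ones, so it belongs above `from django.utils.cache import add_never_cache_headers`, and a blank line between the import group and `logger = logging.getLogger(__name__)` would match the usual module layout. The module-level `getLogger(__name__)` itself is the right shape. The class body of NoCacheMiddleware continues outside this hunk.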
@@ -11,7 +13,10 @@ def __init__(self, get_response):
 def __call__(self, request):
 """Add appropriate headers to the response before sending it out."""
+ logger.debug("____________________Adding no cache headers to response")
 response = self.get_response(request)
+ response["Access-Control-Allow-Credentials"] = "true"
+ response["Access-Control-Allow-Origin"] = ""
 add_never_cache_headers(response)
 return response
diff --git a/tdrs-frontend/.env.development b/tdrs-frontend/.env.development
index 73a3ed9eb8..3c0c68d151 100644
--- a/tdrs-frontend/.env.development
+++ b/tdrs-frontend/.env.development
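Review bot: `response["Access-Control-Allow-Origin"] = ""` paired with `response["Access-Control-Allow-Credentials"] = "true"` is emitted on every response unconditionally; an empty origin is not a value any browser will honor, so no cross-origin caller is actually admitted, while the credentials flag is now advertised to all of them and becomes a credential-exposure bug the moment someone fills the origin in with `*` or an echoed `Origin` header. If cross-origin requests with cookies are the goal, keep an explicit allow-list in settings (`settings` is already imported in this module), emit both headers only when the request's `Origin` matches an entry, and add `Origin` to `Vary` via `patch_vary_headers` from `django.utils.cache` (the module already imported for `add_never_cache_headers`); otherwise drop the two lines, and in either case they do not belong in a class named NoCacheMiddleware. The nginx hunk in this same patch shows an existing `add_header Access-Control-Allow-Origin` on the proxied `/v1` locations, so a second value from Django would presumably yield a duplicate header that browsers reject. The debug line `logger.debug("____________________Adding no cache headers to response")` runs on every request and the underscore prefix reads as scratch output; with the commit titled "temp", at least trim it to `logger.debug("Adding no-cache headers to response")` before merge.
```python
    def __call__(self, request):
        """Add appropriate headers to the response before sending it out."""
        response = self.get_response(request)
        origin = request.META.get("HTTP_ORIGIN")
        # Only echo an origin that is explicitly configured; credentials are
        # never advertised to an arbitrary caller. ALLOWED_CORS_ORIGINS is a
        # placeholder for whichever settings key holds the allow-list.
        if origin and origin in getattr(settings, "ALLOWED_CORS_ORIGINS", ()):
            response["Access-Control-Allow-Origin"] = origin
            response["Access-Control-Allow-Credentials"] = "true"
            patch_vary_headers(response, ("Origin",))
        add_never_cache_headers(response)
        return response
```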
@@ -40,47 +40,3 @@ REACT_APP_EVENT_THROTTLE_TIME=60000
 # @import '../../theme/_global.scss';
 # Without the variable, only the relative import is possible
 SASS_PATH=node_modules:src
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
-REACT_APP_BACKEND_URL=https://local.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://local.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://local.app.cloud.gov
-REACT_APP_CF_SPACE=
-REACT_APP_BACKEND_URL=https://local.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://local.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://local.app.cloud.gov
-REACT_APP_CF_SPACE=
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
-REACT_APP_BACKEND_URL=https://tdp-frontend-raft.app.cloud.gov/v1
-REACT_APP_FRONTEND_URL=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_BACKEND_HOST=https://tdp-frontend-raft.app.cloud.gov
-REACT_APP_CF_SPACE=develop
diff --git a/tdrs-frontend/docker-compose.yml b/tdrs-frontend/docker-compose.yml
index d75772fa58..157c1141b1 100644
--- a/tdrs-frontend/docker-compose.yml
+++ b/tdrs-frontend/docker-compose.yml
@@ -3,12 +3,13 @@ services:
 zaproxy:
 image: owasp/zap2docker-stable:2.13.0
 container_name: zap-scan
- command: sleep 3600
+ command: sleep 13600
 ports:
 - 8090:8090
 networks:
 - local
 volumes:
+ - ../scripts:/zap/scripts/:rw
 - ./reports:/zap/wrk/:rw
 - ../scripts/zap-hook.py:/zap/scripts/zap-hook.py:ro
 tdp-frontend:
diff --git a/tdrs-frontend/nginx/cloud.gov/locations.conf b/tdrs-frontend/nginx/cloud.gov/locations.conf
index 779dc9f2a4..7574fc1124 100644
--- a/tdrs-frontend/nginx/cloud.gov/locations.conf
+++ b/tdrs-frontend/nginx/cloud.gov/locations.conf
@@ -19,6 +19,10 @@ location ~ ^/(v1|admin|static/admin|swagger|redocs) {
 add_header Access-Control-Allow-Origin 's3-us-gov-west-1.amazonaws.com';
 }
+if ($request_method ~ ^(PATCH|TRACE)$) {
+ return 405;
+}
+
 location = /profile {
 index index.html index.htm;
 try_files $uri $uri/ /index.html;
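Review bot: The new `- ../scripts:/zap/scripts/:rw` mounts the whole repository `scripts` directory read-write into the scanner container, directly above the existing read-only mount of `../scripts/zap-hook.py` at `/zap/scripts/zap-hook.py`; the two overlap, and the broader rw mount lets anything running inside the ZAP container modify `zap-scanner.sh` and the hook script that drive the scan, which the `:ro` mount was presumably there to prevent. If the container only needs to read the scripts, make it `- ../scripts:/zap/scripts/:ro` and drop the now-redundant single-file mount; if it must write output, point it at a dedicated directory such as the existing `./reports` mount instead. `sleep 13600` is an unusual value; if the intent was ten times the previous hour, `36000` seems more likely, so it is worth confirming.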
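Review bot: `if ($request_method ~ ^(PATCH|TRACE)$) { return 405; }` is a deny-list placed in server context ahead of the `/v1` proxy locations, so it also rejects PATCH for the backend API; if any `/v1` endpoint relies on PATCH for partial updates this will break it, which is worth confirming before merge. TRACE needs no rule of its own, since nginx does not implement it and already answers it with 405, so that half of the pattern appears redundant. If the goal is to pin down the method surface, an allow-list is the usual shape, e.g. `if ($request_method !~ ^(GET|HEAD|POST|PUT|DELETE|OPTIONS)$) { return 405; }`, with the list matched to what the frontend and API actually use; either way a comment above the block naming why these methods are rejected would help the next reader.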