Setting CORS policy for metadata validation service in dev environment #678

Closed
4 tasks done
placek opened this issue Apr 9, 2024 · 1 comment · Fixed by #690

placek commented Apr 9, 2024

As a developer,

I want to open a metadata validation service on the dev environment

so that I can access it from localhost only.

Summary:

The task at hand involves configuring Cross-Origin Resource Sharing (CORS) policies for a metadata validation service in a development environment. This configuration will ensure that the service can only be accessed by developers from the localhost, limiting access to the dev server exclusively.

Acceptance Criteria:

  • Implement CORS settings on the metadata validation service to allow access only from localhost in the dev environment.
  • Verify that only developers from the localhost can access the metadata validation service.
  • Ensure that the CORS configuration does not impact any other functionalities of the service.
  • Document the steps taken to configure the CORS policy for future reference.
placek self-assigned this Apr 9, 2024
placek added a commit that referenced this issue Apr 11, 2024
In this commit, specific CORS parameters are added to the
`docker-compose.yml.tpl` file to facilitate developers' access to the
metadata validation service from their individual machines within the
dev environment. The CORS configuration includes settings related to
allowed methods, headers, origins, and maximum age. By implementing
these CORS parameters, developers can utilize the metadata validation
service effectively while ensuring secure and controlled access from
their local environments.
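
An added example, not code from this repository or its commits: a sketch of the origin check and preflight response that a localhost-only CORS policy with the four settings named in the commit message above (methods, headers, origins, maximum age) comes down to. The allowed methods, headers, max-age value and function names are assumptions; the project's actual values in `docker-compose.yml.tpl` are not shown on this page.

```python
from urllib.parse import urlsplit

# Assumed dev policy (hypothetical values, not the project's real configuration)
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "::1"}
ALLOWED_METHODS = ("GET", "POST", "OPTIONS")
ALLOWED_HEADERS = ("content-type",)
MAX_AGE_SECONDS = 600


def is_local_origin(origin):
    """True only when Origin is exactly scheme://<loopback host>[:port]."""
    if not origin or origin == "null":
        return False
    try:
        parts = urlsplit(origin)
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    # A valid Origin carries no userinfo, path, query or fragment
    if parts.username or parts.password or parts.path or parts.query or parts.fragment:
        return False
    # Exact host comparison: substring or prefix matching would accept
    # look-alike hosts such as localhost.evil.example
    return parts.hostname in ALLOWED_HOSTS


def cors_headers(origin, method, request_method=None, request_headers=""):
    """Return the CORS response headers for one request; {} means send none."""
    if not is_local_origin(origin):
        return {}
    headers = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    if method == "OPTIONS" and request_method:  # CORS preflight
        wanted = {h.strip().lower() for h in request_headers.split(",") if h.strip()}
        if request_method not in ALLOWED_METHODS or not wanted <= set(ALLOWED_HEADERS):
            return {}
        headers["Access-Control-Allow-Methods"] = ", ".join(ALLOWED_METHODS)
        headers["Access-Control-Allow-Headers"] = ", ".join(ALLOWED_HEADERS)
        headers["Access-Control-Max-Age"] = str(MAX_AGE_SECONDS)
    return headers
```

These headers only tell browsers which origins may read responses; requests from non-browser clients are unaffected, so network reachability of the dev service needs its own control.
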
placek added a commit that referenced this issue Apr 11, 2024
…cy-for-metadata-validation-service-in-dev-environment

[#678] Setting CORS policy for metadata validation service in dev environment
placek added a commit that referenced this issue Apr 12, 2024
Implement build process to create images that cannot be pulled from
external repositories when deploying the stack. The modification in the
Makefile sets up the build command to prevent pulling images externally
during the deployment process. By adding the `--build` flag in the
`docker-compose` command, it ensures that images are only built locally
and not fetched from external sources. This aligns with the requirement
to restrict access to the metadata validation service, ensuring that
only localhost is used for accessing resources, thus strengthening
security measures.
placek added a commit that referenced this issue Apr 12, 2024
In response to the user story requiring the metadata validation service
to be accessible only from localhost for security reasons, this commit
includes a modification to the CSP (Content Security Policy) directive
in the docker-compose.yml file. The change specifically adds
'https://www.googletagmanager.com' to the img-src directive, ensuring
that resources from Google Tag Manager are permitted in the service.
This adjustment enhances security measures by properly configuring the
CSP policy to allow resources only from specified sources.

pmbinapps commented Apr 29, 2024

That is to be synced with current Haskell backend.
