autopkgtest-cloud

Merge ~xnox/autopkgtest-cloud:https-everything into autopkgtest-cloud:master

Proposed by Dimitri John Ledkov on 2021-08-20

Status:	Rejected
Rejected by:	Iain Lane on 2021-08-20
Proposed branch:	~xnox/autopkgtest-cloud:https-everything
Merge into:	autopkgtest-cloud:master
Diff against target:	23 lines (+4/-1) 1 file modified charms/focal/autopkgtest-web/webcontrol/request/app.py (+4/-1)
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Iain Lane		2021-08-20	Disapprove on 2021-08-20
Review via email: mp+407449@code.launchpad.net

Commit message

Use https url for github status

Rewrite incoming request, as if it came over https, such that url generated in the login/submit form is also https, thus preventing browser errors which claim that http->https redirect is insecure.

Revision history for this message

Iain Lane (laney) wrote on 2021-08-20:

We'll go with https://code.launchpad.net/~ubuntu-release/autopkgtest-cloud/+git/autopkgtest-cloud/+merge/407450

thanks!

review: Disapprove

Unmerged commits

dcd50f6... by Dimitri John Ledkov on 2021-08-20

request: enforce https in the webform callbacks

Signed-off-by: Dimitri John Ledkov <email address hidden>

9d3a192... by Dimitri John Ledkov on 2021-08-20

request: use https for github test pending page

Signed-off-by: Dimitri John Ledkov <email address hidden>

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Dimitri John Ledkov

Simon Quigley

Ubuntu Release Team

1	diff --git a/charms/focal/autopkgtest-web/webcontrol/request/app.py b/charms/focal/autopkgtest-web/webcontrol/request/app.py
2	index 66e3539..78a9770 100644
3	--- a/charms/focal/autopkgtest-web/webcontrol/request/app.py
4	+++ b/charms/focal/autopkgtest-web/webcontrol/request/app.py
5	@@ -116,6 +116,9 @@ oid = OpenID(app, os.path.join(PATH, 'openid'), safe_roots=[])
6	def index_root():
7	"""Handle all GET requests."""
8	session.permanent = True
9	+ # even if request came internally over http from haproxy
10	+ # change scheme to https, such that browser redirects work
11	+ request.scheme = 'https'
12	session['next'] = maybe_escape(request.url)
13	nick = maybe_escape(session.get('nickname'))
14
15	@@ -183,7 +186,7 @@ def index_root():
16	'context': '%s-%s' % (params['release'], params['arch']),
17	'description': 'autopkgtest running',
18	'target_url':
19	- 'http://autopkgtest.ubuntu.com/running#pkg-' + params['package']}
20	+ 'https://autopkgtest.ubuntu.com/running#pkg-' + params['package']}
21	s.post_json(statuses_url, status,
22	os.path.expanduser('~/github-status-credentials.txt'),
23	params['package'])