launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #23341
[Merge] lp:~cjwatson/canonical-mojo-specs/snap-proxy-options-method into lp:~canonical-launchpad-branches/canonical-mojo-specs/trunk
Colin Watson has proposed merging lp:~cjwatson/canonical-mojo-specs/snap-proxy-options-method into lp:~canonical-launchpad-branches/canonical-mojo-specs/trunk.
Commit message:
Allow OPTIONS, used by Subversion.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
Related bugs:
Bug #1818248 in Rutabaga: "snapcraft refuses to checkout svn part source on buildd"
https://bugs.launchpad.net/rutabaga/+bug/1818248
For more details, see:
https://code.launchpad.net/~cjwatson/canonical-mojo-specs/snap-proxy-options-method/+merge/363912
Despite what https://svn.apache.org/repos/asf/subversion/trunk/notes/http-and-webdav/webdav-protocol says, "svn checkout" apparently uses the OPTIONS method. There's no reason not to allow this, so do so.
--
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~cjwatson/canonical-mojo-specs/snap-proxy-options-method into lp:~canonical-launchpad-branches/canonical-mojo-specs/trunk.
=== modified file 'lp/mojo-lp-snap-proxy/production/deploy'
--- lp/mojo-lp-snap-proxy/production/deploy 2018-09-05 11:24:24 +0000
+++ lp/mojo-lp-snap-proxy/production/deploy 2019-03-04 13:07:55 +0000
@@ -33,7 +33,7 @@
# Deny requests to ports other than 80, 443, 9418
{"!port": [80, 443, 9418], http_access: deny},
# Whitelist HTTP methods
- {"!method": [GET, POST, CONNECT, PROPFIND, REPORT],
+ {"!method": [GET, POST, CONNECT, OPTIONS, PROPFIND, REPORT],
http_access: deny},
# Whitelist non-auth-requiring hosts on blacklisted
# networks.
@@ -59,7 +59,7 @@
# the PTR and match it against dstdomain rules!
# This is obviously completely holey.
{port: [80, 443, 9418],
- method: [GET, POST, CONNECT, PROPFIND, REPORT],
+ method: [GET, POST, CONNECT, OPTIONS, PROPFIND, REPORT],
# DSTDOMAIN IS FORBIDDEN.
dst: [
# launchpadlibrarian.net, a benign host outside
@@ -152,7 +152,7 @@
# ::/3 before whitelisting IPv4 you will have a bad
# time.
{port: [80, 443, 9418],
- method: [GET, POST, CONNECT, PROPFIND, REPORT],
+ method: [GET, POST, CONNECT, OPTIONS, PROPFIND, REPORT],
dst: [0.0.0.0/1, 128.0.0.1/1, "2000::/3"],
http_access: allow},
# Deny anything with any IP address that has not
@@ -162,7 +162,7 @@
# IP address, so we want to return a DNS error
# rather than a permission violation.
{port: [80, 443, 9418],
- method: [GET, POST, CONNECT, PROPFIND, REPORT],
+ method: [GET, POST, CONNECT, OPTIONS, PROPFIND, REPORT],
http_access: allow},
]
auth_params: |
=== modified file 'lp/mojo-lp-snap-proxy/qastaging/deploy'
--- lp/mojo-lp-snap-proxy/qastaging/deploy 2018-09-05 11:24:24 +0000
+++ lp/mojo-lp-snap-proxy/qastaging/deploy 2019-03-04 13:07:55 +0000
@@ -33,7 +33,7 @@
# Deny requests to ports other than 80, 443, 9418
{"!port": [80, 443, 9418], http_access: deny},
# Whitelist HTTP methods
- {"!method": [GET, POST, CONNECT, PROPFIND, REPORT],
+ {"!method": [GET, POST, CONNECT, OPTIONS, PROPFIND, REPORT],
http_access: deny},
# Whitelist non-auth-requiring hosts on blacklisted
# networks.
@@ -59,7 +59,7 @@
# the PTR and match it against dstdomain rules!
# This is obviously completely holey.
{port: [80, 443, 9418],
- method: [GET, POST, CONNECT, PROPFIND, REPORT],
+ method: [GET, POST, CONNECT, OPTIONS, PROPFIND, REPORT],
# DSTDOMAIN IS FORBIDDEN.
dst: [
# launchpadlibrarian.net, a benign host outside
@@ -155,7 +155,7 @@
# ::/3 before whitelisting IPv4 you will have a bad
# time.
{port: [80, 443, 9418],
- method: [GET, POST, CONNECT, PROPFIND, REPORT],
+ method: [GET, POST, CONNECT, OPTIONS, PROPFIND, REPORT],
dst: [0.0.0.0/1, 128.0.0.1/1, "2000::/3"],
http_access: allow},
# Deny anything with any IP address that has not
@@ -165,7 +165,7 @@
# IP address, so we want to return a DNS error
# rather than a permission violation.
{port: [80, 443, 9418],
- method: [GET, POST, CONNECT, PROPFIND, REPORT],
+ method: [GET, POST, CONNECT, OPTIONS, PROPFIND, REPORT],
http_access: allow},
]
auth_params: |
Follow ups