← Back to team overview

launchpad-reviewers team mailing list archive

[Merge] lp:~cjwatson/canonical-mojo-specs/snap-proxy-options-method into lp:~canonical-launchpad-branches/canonical-mojo-specs/trunk

 

Colin Watson has proposed merging lp:~cjwatson/canonical-mojo-specs/snap-proxy-options-method into lp:~canonical-launchpad-branches/canonical-mojo-specs/trunk.

Commit message:
Allow OPTIONS, used by Subversion.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)
Related bugs:
  Bug #1818248 in Rutabaga: "snapcraft refuses to checkout svn part source on buildd"
  https://bugs.launchpad.net/rutabaga/+bug/1818248

For more details, see:
https://code.launchpad.net/~cjwatson/canonical-mojo-specs/snap-proxy-options-method/+merge/363912

Despite what https://svn.apache.org/repos/asf/subversion/trunk/notes/http-and-webdav/webdav-protocol says, "svn checkout" apparently uses the OPTIONS method.  There's no reason not to allow this, so do so.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~cjwatson/canonical-mojo-specs/snap-proxy-options-method into lp:~canonical-launchpad-branches/canonical-mojo-specs/trunk.
=== modified file 'lp/mojo-lp-snap-proxy/production/deploy'
--- lp/mojo-lp-snap-proxy/production/deploy	2018-09-05 11:24:24 +0000
+++ lp/mojo-lp-snap-proxy/production/deploy	2019-03-04 13:07:55 +0000
@@ -33,7 +33,7 @@
                      # Deny requests to ports other than 80, 443, 9418
                      {"!port": [80, 443, 9418], http_access: deny},
                      # Whitelist HTTP methods
-                     {"!method": [GET, POST, CONNECT, PROPFIND, REPORT],
+                     {"!method": [GET, POST, CONNECT, OPTIONS, PROPFIND, REPORT],
                       http_access: deny},
                      # Whitelist non-auth-requiring hosts on blacklisted
                      # networks.
@@ -59,7 +59,7 @@
                      # the PTR and match it against dstdomain rules!
                      # This is obviously completely holey.
                      {port: [80, 443, 9418],
-                      method: [GET, POST, CONNECT, PROPFIND, REPORT],
+                      method: [GET, POST, CONNECT, OPTIONS, PROPFIND, REPORT],
                       # DSTDOMAIN IS FORBIDDEN.
                       dst: [
                         # launchpadlibrarian.net, a benign host outside
@@ -152,7 +152,7 @@
                      # ::/3 before whitelisting IPv4 you will have a bad
                      # time.
                      {port: [80, 443, 9418],
-                      method: [GET, POST, CONNECT, PROPFIND, REPORT],
+                      method: [GET, POST, CONNECT, OPTIONS, PROPFIND, REPORT],
                       dst: [0.0.0.0/1, 128.0.0.1/1, "2000::/3"],
                       http_access: allow},
                      # Deny anything with any IP address that has not
@@ -162,7 +162,7 @@
                      # IP address, so we want to return a DNS error
                      # rather than a permission violation.
                      {port: [80, 443, 9418],
-                      method: [GET, POST, CONNECT, PROPFIND, REPORT],
+                      method: [GET, POST, CONNECT, OPTIONS, PROPFIND, REPORT],
                       http_access: allow},
                      ]
                 auth_params: |

=== modified file 'lp/mojo-lp-snap-proxy/qastaging/deploy'
--- lp/mojo-lp-snap-proxy/qastaging/deploy	2018-09-05 11:24:24 +0000
+++ lp/mojo-lp-snap-proxy/qastaging/deploy	2019-03-04 13:07:55 +0000
@@ -33,7 +33,7 @@
                      # Deny requests to ports other than 80, 443, 9418
                      {"!port": [80, 443, 9418], http_access: deny},
                      # Whitelist HTTP methods
-                     {"!method": [GET, POST, CONNECT, PROPFIND, REPORT],
+                     {"!method": [GET, POST, CONNECT, OPTIONS, PROPFIND, REPORT],
                       http_access: deny},
                      # Whitelist non-auth-requiring hosts on blacklisted
                      # networks.
@@ -59,7 +59,7 @@
                      # the PTR and match it against dstdomain rules!
                      # This is obviously completely holey.
                      {port: [80, 443, 9418],
-                      method: [GET, POST, CONNECT, PROPFIND, REPORT],
+                      method: [GET, POST, CONNECT, OPTIONS, PROPFIND, REPORT],
                       # DSTDOMAIN IS FORBIDDEN.
                       dst: [
                         # launchpadlibrarian.net, a benign host outside
@@ -155,7 +155,7 @@
                      # ::/3 before whitelisting IPv4 you will have a bad
                      # time.
                      {port: [80, 443, 9418],
-                      method: [GET, POST, CONNECT, PROPFIND, REPORT],
+                      method: [GET, POST, CONNECT, OPTIONS, PROPFIND, REPORT],
                       dst: [0.0.0.0/1, 128.0.0.1/1, "2000::/3"],
                       http_access: allow},
                      # Deny anything with any IP address that has not
@@ -165,7 +165,7 @@
                      # IP address, so we want to return a DNS error
                      # rather than a permission violation.
                      {port: [80, 443, 9418],
-                      method: [GET, POST, CONNECT, PROPFIND, REPORT],
+                      method: [GET, POST, CONNECT, OPTIONS, PROPFIND, REPORT],
                       http_access: allow},
                      ]
                 auth_params: |


Follow ups