[USH-4025] Add waf_allow to EditBasicProjectInfoView #34017

Merged
merged 3 commits into from
Jan 29, 2024


@akashkj akashkj commented Jan 23, 2024

Product Description

Currently some image uploads in project settings result in a 403 Forbidden due to metadata attached to them. Adding a WAF rule to allow such requests.

Technical Summary

https://dimagi-dev.atlassian.net/browse/USH-4025

From WAF logs in Athena, getting XBODY_XSS blocking - [{conditiontype=XSS, location=BODY, matcheddata=[<?, ]}]

Feature Flag

NA

Safety Assurance

Safety story

https://confluence.dimagi.com/pages/viewpage.action?spaceKey=saas&title=How+traffic+gets+to+our+system%3A+Global+Accelerator%2C+ALB%2C+and+WAF

To be tested on staging

Automated test coverage

NA

QA Plan

NA

Migrations

NA

Rollback instructions

  • This PR can be reverted after deploy with no further considerations

Labels & Review

  • Risk label is set correctly
  • The set of people pinged as reviewers is appropriate for the level of risk of the change
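
An added example, not code from this PR or from commcare-hq: a Python scan that reports which header segment of a JPEG upload contains the `<?` sequence shown as matched data in the WAF log above. It assumes the upload is a JPEG and that the attached metadata is an embedded XML packet (for example XMP in an APP1 segment); the sample bytes and all function names are constructed for illustration.

```python
import struct

MARKER = b"<?"  # matcheddata value from the WAF log line quoted in this PR

def _segment(kind, payload):
    """Build one JPEG segment: 0xFF, marker byte, big-endian length, payload."""
    return bytes([0xFF, kind]) + struct.pack(">H", len(payload) + 2) + payload

def sample_jpeg(with_xml_metadata):
    """Constructed minimal JPEG header, optionally with an XMP-style APP1 packet."""
    parts = [b"\xff\xd8", _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")]
    if with_xml_metadata:
        xmp = b"http://ns.adobe.com/xap/1.0/\x00<?xpacket begin='' id='constructed'?>"
        parts.append(_segment(0xE1, xmp))
    parts.append(_segment(0xDA, b"\x00") + b"\xff\xd9")  # start of scan, then EOI
    return b"".join(parts)

def jpeg_segments(data):
    """Yield (marker_byte, payload_offset, payload) for each segment before the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        kind = data[pos + 1]
        if kind == 0xDA:  # compressed image data follows; metadata segments are over
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"truncated or malformed segment at offset {pos}")
        yield kind, pos + 4, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def find_marker_hits(data, marker=MARKER):
    """Return [(segment_name, absolute_offset)] for segments containing the marker."""
    hits = []
    for kind, offset, payload in jpeg_segments(data):
        idx = payload.find(marker)
        if idx != -1:
            name = f"APP{kind - 0xE0}" if 0xE0 <= kind <= 0xEF else f"0x{kind:02X}"
            hits.append((name, offset + idx))
    return hits

if __name__ == "__main__":
    for label, blob in (("plain", sample_jpeg(False)), ("with XML metadata", sample_jpeg(True))):
        print(label, find_marker_hits(blob))
```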

@dannyroberts

@akashkj for dimagi/commcare-cloud#6210 to be merged, this one has to be reviewed and merged as well. Can you clean up this PR? I'm going to convert it to "draft", which is our standard status for changesets you're intending to PR soon but that don't yet meet the basic formal standards for a PR.

@dannyroberts dannyroberts marked this pull request as draft January 23, 2024 19:41
@akashkj akashkj added the product/all-users-all-environments Change impacts all users on all environments label Jan 24, 2024
@akashkj akashkj requested a review from dannyroberts January 24, 2024 16:27
@akashkj akashkj marked this pull request as ready for review January 24, 2024 16:29
akashkj commented Jan 25, 2024

@dannyroberts I have modified the URL to include waf_allow. My understanding is that this much is sufficient on the HQ side for a view. Does anything else need to be added to this?

@akashkj akashkj merged commit 1fcba78 into master Jan 29, 2024
13 checks passed
@akashkj akashkj deleted the akj/ush-4025-image-upload-waf branch January 29, 2024 18:16