update/fix PROXY_DEPTH default value, add 'diagnostics' endpoint #1193
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
also some cleanup in admin endpoint file
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
Kudos, SonarCloud Quality Gate passed!
|
| _require_admin() | ||
| log_info_with_request("diagnostics", headers=request.headers) | ||
| response_text = f"request path: {request.headers.get('X-Forwarded-For', 'idk')}" | ||
| return make_response(response_text, 200, {'content-type': 'text/plain'}) |
Check failure
Code scanning / SonarCloud
Endpoints should not be vulnerable to reflected cross-site scripting (XSS) attacks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
(...and also some cleanup in admin endpoint file)
turns out... the default value for
PROXY_DEPTHset in #1191 is not high enough for the CC API servers and is likely not high enough for the AWS API servers. iirc, the old value of "2" came from some testing on the staging setup, which is apparently not close enough to the configuration of either of the prod setups.this change updates the value to match CC, which should be sufficient for AWS. this change also adds a new endpoint (
api.delphi/epidata/admin/diagnostics) which gives more visibility into the proxy chain of a running system (and maybe other things in the future). it is only accessible with an admin token.