From 633c1fef2aa88af73666e4ecd94a25d9f61d5507 Mon Sep 17 00:00:00 2001 From: Andi Pieper Date: Wed, 9 Oct 2024 12:16:07 +0200 Subject: [PATCH 1/4] fix(api): make sure cors headers are there in any case --- httpobs/website/api.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/httpobs/website/api.py b/httpobs/website/api.py index aa01ce1..acb55ba 100644 --- a/httpobs/website/api.py +++ b/httpobs/website/api.py @@ -26,8 +26,8 @@ @api.route('/api/v1/analyze', methods=['GET', 'OPTIONS', 'POST']) @add_sunset_headers() -@check_for_deprecation_override_header @add_response_headers(cors=True) +@check_for_deprecation_override_header @sanitized_api_response def api_post_scan_hostname(): # TODO: Allow people to accidentally use https://mozilla.org and convert to mozilla.org @@ -127,8 +127,8 @@ def api_post_scan_hostname(): # TODO: Deprecate this and replace with __stats__ once website is updated @api.route('/api/v1/getGradeDistribution', methods=['GET', 'OPTIONS']) @add_sunset_headers() -@check_for_deprecation_override_header @add_response_headers(cors=True) +@check_for_deprecation_override_header def api_get_grade_totals(): totals = database.select_star_from('grade_distribution') @@ -140,8 +140,8 @@ def api_get_grade_totals(): @api.route('/api/v1/getHostHistory', methods=['GET', 'OPTIONS']) @add_sunset_headers() -@check_for_deprecation_override_header @add_response_headers(cors=True) +@check_for_deprecation_override_header def api_get_host_history(): # Get the hostname hostname = request.args.get('host', '').lower() @@ -175,8 +175,8 @@ def api_get_host_history(): @api.route('/api/v1/getRecentScans', methods=['GET', 'OPTIONS']) @add_sunset_headers() -@check_for_deprecation_override_header @add_response_headers(cors=True) +@check_for_deprecation_override_header def api_get_recent_scans(): try: # Get the min and max scores, if they're there @@ -198,8 +198,8 @@ def api_get_recent_scans(): # TODO: Deprecate @api.route('/api/v1/getScannerStates', methods=['GET', 'OPTIONS']) @add_sunset_headers() -@check_for_deprecation_override_header @add_response_headers(cors=True) +@check_for_deprecation_override_header def api_get_scanner_states(): stats = database.select_scan_scanner_statistics(verbose=False) @@ -208,8 +208,8 @@ def api_get_scanner_states(): @api.route('/api/v1/__stats__', methods=['GET', 'OPTIONS']) @add_sunset_headers() -@check_for_deprecation_override_header @add_response_headers(cors=True) +@check_for_deprecation_override_header def api_get_scanner_stats(): pretty = True if request.args.get('pretty', '').lower() == 'true' else False verbose = False @@ -277,8 +277,8 @@ def api_get_scanner_stats(): @api.route('/api/v1/getScanResults', methods=['GET', 'OPTIONS']) @add_sunset_headers() -@check_for_deprecation_override_header @add_response_headers(cors=True) +@check_for_deprecation_override_header @sanitized_api_response def api_get_scan_results(): scan_id = request.args.get('scan') @@ -308,8 +308,8 @@ def api_get_scan_results(): @api.route('/contribute.json', methods=['GET']) @add_sunset_headers() -@check_for_deprecation_override_header @add_response_headers() +@check_for_deprecation_override_header def contribute_json(): __dirname = os.path.abspath(os.path.dirname(__file__)) __filename = os.path.join(__dirname, '..', 'docs', 'contribute.json') From ead49caa8d0dd2f134fe47da4297225924822b79 Mon Sep 17 00:00:00 2001 From: Andi Pieper Date: Wed, 9 Oct 2024 12:17:50 +0200 Subject: [PATCH 2/4] fix(api): remove sunset enforcement --- httpobs/website/api.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/httpobs/website/api.py b/httpobs/website/api.py index acb55ba..dd777b5 100644 --- a/httpobs/website/api.py +++ b/httpobs/website/api.py @@ -27,7 +27,7 @@ @api.route('/api/v1/analyze', methods=['GET', 'OPTIONS', 'POST']) @add_sunset_headers() @add_response_headers(cors=True) -@check_for_deprecation_override_header +# @check_for_deprecation_override_header @sanitized_api_response def api_post_scan_hostname(): # TODO: Allow people to accidentally use https://mozilla.org and convert to mozilla.org @@ -128,7 +128,7 @@ def api_post_scan_hostname(): @api.route('/api/v1/getGradeDistribution', methods=['GET', 'OPTIONS']) @add_sunset_headers() @add_response_headers(cors=True) -@check_for_deprecation_override_header +# @check_for_deprecation_override_header def api_get_grade_totals(): totals = database.select_star_from('grade_distribution') @@ -141,7 +141,7 @@ def api_get_grade_totals(): @api.route('/api/v1/getHostHistory', methods=['GET', 'OPTIONS']) @add_sunset_headers() @add_response_headers(cors=True) -@check_for_deprecation_override_header +# @check_for_deprecation_override_header def api_get_host_history(): # Get the hostname hostname = request.args.get('host', '').lower() @@ -176,7 +176,7 @@ def api_get_host_history(): @api.route('/api/v1/getRecentScans', methods=['GET', 'OPTIONS']) @add_sunset_headers() @add_response_headers(cors=True) -@check_for_deprecation_override_header +# @check_for_deprecation_override_header def api_get_recent_scans(): try: # Get the min and max scores, if they're there @@ -199,7 +199,7 @@ def api_get_recent_scans(): @api.route('/api/v1/getScannerStates', methods=['GET', 'OPTIONS']) @add_sunset_headers() @add_response_headers(cors=True) -@check_for_deprecation_override_header +# @check_for_deprecation_override_header def api_get_scanner_states(): stats = database.select_scan_scanner_statistics(verbose=False) @@ -209,7 +209,7 @@ def api_get_scanner_states(): @api.route('/api/v1/__stats__', methods=['GET', 'OPTIONS']) @add_sunset_headers() @add_response_headers(cors=True) -@check_for_deprecation_override_header +# @check_for_deprecation_override_header def api_get_scanner_stats(): pretty = True if request.args.get('pretty', '').lower() == 'true' else False verbose = False @@ -278,7 +278,7 @@ def api_get_scanner_stats(): @api.route('/api/v1/getScanResults', methods=['GET', 'OPTIONS']) @add_sunset_headers() @add_response_headers(cors=True) -@check_for_deprecation_override_header +# @check_for_deprecation_override_header @sanitized_api_response def api_get_scan_results(): scan_id = request.args.get('scan') @@ -309,7 +309,7 @@ def api_get_scan_results(): @api.route('/contribute.json', methods=['GET']) @add_sunset_headers() @add_response_headers() -@check_for_deprecation_override_header +# @check_for_deprecation_override_header def contribute_json(): __dirname = os.path.abspath(os.path.dirname(__file__)) __filename = os.path.join(__dirname, '..', 'docs', 'contribute.json') From 9dcb9c2630cdce2c82fe3ce3cf2c2c67250119e9 Mon Sep 17 00:00:00 2001 From: Andi Pieper Date: Wed, 9 Oct 2024 12:20:20 +0200 Subject: [PATCH 3/4] linter --- httpobs/website/api.py | 1 - 1 file changed, 1 deletion(-) diff --git a/httpobs/website/api.py b/httpobs/website/api.py index dd777b5..eac76d1 100644 --- a/httpobs/website/api.py +++ b/httpobs/website/api.py @@ -13,7 +13,6 @@ from httpobs.website import ( add_response_headers, add_sunset_headers, - check_for_deprecation_override_header, sanitized_api_response, ) from httpobs.website.utils import valid_hostname From 382a2948a1433e4b415414c1412bc5cbbcb31012 Mon Sep 17 00:00:00 2001 From: Andi Pieper Date: Wed, 9 Oct 2024 12:23:33 +0200 Subject: [PATCH 4/4] linter --- httpobs/website/api.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/httpobs/website/api.py b/httpobs/website/api.py index eac76d1..18ea106 100644 --- a/httpobs/website/api.py +++ b/httpobs/website/api.py @@ -10,11 +10,7 @@ from httpobs.conf import API_ALLOW_VERBOSE_STATS_FROM_PUBLIC, API_COOLDOWN, DEVELOPMENT_MODE from httpobs.scanner import scan from httpobs.scanner.grader import GRADES, get_score_description -from httpobs.website import ( - add_response_headers, - add_sunset_headers, - sanitized_api_response, -) +from httpobs.website import add_response_headers, add_sunset_headers, sanitized_api_response from httpobs.website.utils import valid_hostname api = Blueprint('api', __name__)