modified reading tokens from headers #620

Merged
merged 2 commits into from
Sep 7, 2024

alimaktabi (Collaborator) commented Sep 7, 2024

Summary by Sourcery

Modify the method of retrieving turnstile tokens from request data to request headers and update CORS settings to allow specific headers.

Enhancements:

  • Allow additional headers 'cf-turnstile-response' and 'hc-turnstile-response' in CORS settings.

sourcery-ai bot (Contributor) commented Sep 7, 2024

Reviewer's Guide by Sourcery

This pull request modifies the way CAPTCHA tokens are read from the request, moving from reading from the request data to reading from the request headers. It also updates the CORS settings to allow specific headers related to CAPTCHA responses.

File-Level Changes

Change: Updated CORS settings to allow specific CAPTCHA-related headers
Details:
  • Added 'cf-turnstile-response' and 'hc-turnstile-response' to the list of allowed CORS headers
Files: brightIDfaucet/settings.py

Change: Modified CAPTCHA token retrieval from request data to request headers
Details:
  • Changed CloudFlare turnstile token retrieval from request.data to request.headers
  • Changed hCaptcha token retrieval from request.data to request.headers
  • Removed fallback to 'cf-turnstile-response' for hCaptcha token retrieval
Files: core/constraints/captcha.py


sourcery-ai bot (Contributor) left a comment

Hey @alimaktabi - I've reviewed your changes - here's some feedback:

Overall Comments:

  • Consider maintaining the fallback option for 'cf-turnstile-response' in the HCaptcha check to ensure backward compatibility with existing clients.

Here's what I looked at during the review
  • 🟢 General issues: all looks good
  • 🟡 Security: 1 issue found
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good


brightIDfaucet/settings.py (resolved review comment)
alimaktabi merged commit a55624e into develop on Sep 7, 2024
1 check passed
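
An added example, not code from this pull request or the project: a stdlib-only Python sketch of the two behaviours the change relies on, namely the browser preflight comparison that makes the CORS allow-list update necessary, and per-provider token reads from headers with no cross-provider fallback. Only the two header names come from the PR; the function names and the sample allow lists are assumptions constructed for illustration.

```python
# Added illustration; not the project's code. Header names are from the PR,
# everything else (function names, sample allow lists) is constructed.
TURNSTILE_HEADER = "cf-turnstile-response"
HCAPTCHA_HEADER = "hc-turnstile-response"
PROVIDER_HEADERS = {"turnstile": TURNSTILE_HEADER, "hcaptcha": HCAPTCHA_HEADER}


def blocked_by_preflight(access_control_request_headers, allow_headers):
    """Return the requested header names the server's allow list lacks.

    Mirrors the browser's comparison of Access-Control-Request-Headers with
    Access-Control-Allow-Headers; header names are case-insensitive. A
    non-empty result means the browser never sends the real request.
    """
    allowed = {h.strip().lower() for h in allow_headers}
    wanted = {h.strip().lower()
              for h in access_control_request_headers.split(",") if h.strip()}
    return sorted(wanted - allowed)


def read_token(headers, provider):
    """Read the CAPTCHA token for one provider from request headers only.

    There is no fallback to the other provider's header and no read from the
    request body, so a token issued for one provider is never passed to the
    other provider's verifier.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    token = lowered.get(PROVIDER_HEADERS[provider], "").strip()
    return token or None


if __name__ == "__main__":
    # Constructed sample data: an allow list before and after the change.
    old_allow = ["accept", "authorization", "content-type"]
    new_allow = old_allow + [TURNSTILE_HEADER, HCAPTCHA_HEADER]
    requested = "Content-Type, CF-Turnstile-Response"
    print(blocked_by_preflight(requested, old_allow))
    print(blocked_by_preflight(requested, new_allow))
    print(read_token({"CF-Turnstile-Response": "tok"}, "hcaptcha"))
```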