Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue 5952: Add X-Brave-Partner to CORS safelisted request headers #3434

Merged
merged 1 commit into from
Sep 16, 2019
Merged

Issue 5952: Add X-Brave-Partner to CORS safelisted request headers #3434

merged 1 commit into from
Sep 16, 2019
+38 −0

Conversation

jumde
Copy link
Contributor

@jumde jumde commented Sep 15, 2019
edited by bsclifton
Loading

Fix brave/brave-browser#5952

Submitter Checklist:

Test Plan:

  1. Navigate to coinbase.com
  2. Login and verify the dashboard shows up.

Reviewer Checklist:

  • New files have MPL-2.0 license header.
  • Request a security/privacy review as needed.
  • Adequate test coverage exists to prevent regressions
  • Verify test plan is specified in PR before merging to source

After-merge Checklist:

  • The associated issue milestone is set to the smallest version that the
    changes has landed on.
  • All relevant documentation has been updated.

@jumde jumde requested a review from bridiver as a code owner September 15, 2019 13:25
@jumde jumde self-assigned this Sep 15, 2019
bsclifton
bsclifton previously approved these changes Sep 15, 2019
View reviewed changes
Copy link
Member

@bsclifton bsclifton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verified this works great! Nice work 😄

I cherry-picked into 0.68.x... will let @bridiver assess the patch and other aspects of this PR

@bsclifton bsclifton added this to the 0.72.x - Nightly milestone Sep 15, 2019
@jumde jumde force-pushed the update_safelisted_headers branch from 46aa192 to 0ffd590 Compare September 16, 2019 06:44
@jumde jumde changed the title Issue 6021: Add X-Brave-Partner to CORS safelisted request headers Issue 5952: Add X-Brave-Partner to CORS safelisted request headers Sep 16, 2019
bsclifton
bsclifton approved these changes Sep 16, 2019
View reviewed changes
Copy link
Member

@bsclifton bsclifton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security review for this passed; it has been deployed to release channel with 0.68.136

As noted in security review, we'll want to revert this at some point:

  • when partners can whitelist the header
  • we change to a UA based detection for partners

@bsclifton bsclifton mentioned this pull request Sep 16, 2019
Closed
@bsclifton
Copy link
Member

Created brave/brave-browser#6041 as a follow up

@bsclifton bsclifton merged commit 9c60aa0 into master Sep 16, 2019
@bsclifton bsclifton deleted the update_safelisted_headers branch September 16, 2019 21:24
@bsclifton bsclifton mentioned this pull request Sep 16, 2019
Merged
32 tasks
bsclifton added a commit that referenced this pull request Sep 16, 2019
@bsclifton
Merge pull request #3434 from brave/update_safelisted_headers
ef4f1cd 
Issue 5952: Add X-Brave-Partner to CORS safelisted request headers
@bsclifton bsclifton mentioned this pull request Sep 16, 2019
Merged
32 tasks
brave-builds pushed a commit that referenced this pull request Sep 16, 2019
@brave-browser-releases
Uplift of #3434 (squashed) to dev
0625b69
@brave-builds brave-builds mentioned this pull request Sep 16, 2019
Merged
4 tasks
bsclifton added a commit that referenced this pull request Sep 17, 2019
@bsclifton
Merge pull request #3434 from brave/update_safelisted_headers
16b53df 
Issue 5952: Add X-Brave-Partner to CORS safelisted request headers
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bsclifton bsclifton bsclifton approved these changes

@bridiver bridiver Awaiting requested review from bridiver

Assignees

@jumde jumde

Labels
None yet
Projects
None yet
Milestone
1.1.x - Release
Development

Successfully merging this pull request may close these issues.

C77 - Errors logging into Uphold/Coinbase/etc
2 participants
@jumde @bsclifton