Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow external domains for getFile() calls #454

Merged
merged 1 commit into from
Jan 14, 2020
Merged

Allow external domains for getFile() calls #454

merged 1 commit into from
Jan 14, 2020

Conversation

joannasese
Copy link
Contributor

@joannasese joannasese commented Jan 9, 2020
edited by bhelx
Loading

Addresses issue 453.

  • Removed verifyUri from getFile, which will allow external domains, e.g. s3.amazonaws.com

We've determined it's safe to remove this check because getFile is limited to calls that are not processed by the client and getFile does not send authentication or PII details to it's target server. Futhermore, the URL comes from Recurly's response so we can reasonably assume it will be safe to invoke. Removing this check allows us to change the downloads in the future if they move from s3.

@joannasese joannasese force-pushed the dx-931-update-valid-domains branch from f2ebd3d to 14495d8 Compare January 9, 2020 18:47
@joannasese joannasese requested a review from bhelx January 9, 2020 18:47
@joannasese joannasese force-pushed the dx-931-update-valid-domains branch from fbe5814 to 143e3ac Compare January 9, 2020 21:27
@bhelx bhelx changed the title Add 's3.amazonaws.com' as valid domain Allow external domains for getFile() calls Jan 14, 2020
@bhelx
Copy link
Contributor

bhelx commented Jan 14, 2020

Could you change PR description to match the solution?

@joannasese
Copy link
Contributor Author

@bhelx whoops sorry about that.

bhelx
bhelx approved these changes Jan 14, 2020
View reviewed changes
Copy link
Contributor

@bhelx bhelx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@bhelx bhelx merged commit 7745686 into master Jan 14, 2020
@bhelx bhelx deleted the dx-931-update-valid-domains branch January 14, 2020 20:28
@joannasese joannasese mentioned this pull request Jan 14, 2020
Closed
@joannasese joannasese mentioned this pull request Feb 20, 2020
Merged
@bhelx bhelx added the V2 V2 Client label Mar 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bhelx bhelx bhelx approved these changes

Assignees
No one assigned
Labels
V2 V2 Client
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@joannasese @bhelx