[Backport 2.x] Support dynamic CSP rules to mitigate clickjacking #6101

Merged
merged 1 commit into from
Mar 9, 2024


opensearch-trigger-bot[bot]

Backport 58fb588 from #5641.

* support dynamic csp rules to mitigate clickjacking

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* add unit tests for the provider class

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* move request handler to its own class

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* add license headers

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* fix failed unit tests

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* add unit tests for the handler

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* add content to read me

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* fix test error

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update readme

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update CHANGELOG.md

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update snap tests

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update snapshots

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* fix a wrong import

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* undo changes in listing snap

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* improve wording

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* set client after default client is created

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update return value and add a unit test

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* remove unnecessary dependency

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* make the name of the index configurable

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* expose APIs and update file structures

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* add header

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* fix link error

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* fix link error

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* add more unit tests

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* add more unit tests

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update api path

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* remove logging

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update path

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* rename index name

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update wording

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* make the new plugin disabled by default

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* do not update defaults to avoid breaking change

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update readme to reflect new API path

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update handler to append frame-ancestors conditionally

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update readme

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* clean up code to prepare for application config

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* reset change log

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* reset change log again

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update accordingly to new changes in applicationConfig

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update changelog

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* rename to a new plugin name

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* rename

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* rename more

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* sync changelog from main

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* onboard to app config

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* fix comment

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update yml

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update readme

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update change log

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* call out single quotes in readme

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update yml

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update default

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* add reference link

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* update js doc

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* rename

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* use new name

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* redo changelog update

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* remove link

Signed-off-by: Tianle Huang <tianleh@amazon.com>

* better name

Signed-off-by: Tianle Huang <tianleh@amazon.com>

---------

Signed-off-by: Tianle Huang <tianleh@amazon.com>
(cherry picked from commit 58fb588)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

codecov bot commented Mar 8, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 67.13%. Comparing base (8ccc90e) to head (881668a).

Additional details and impacted files
@@            Coverage Diff             @@
##              2.x    #6101      +/-   ##
==========================================
+ Coverage   67.12%   67.13%   +0.01%     
==========================================
  Files        3314     3315       +1     
  Lines       63875    63895      +20     
  Branches    10186    10189       +3     
==========================================
+ Hits        42877    42897      +20     
  Misses      18525    18525              
  Partials     2473     2473              

| Flag | Coverage Δ |
| --- | --- |
| Linux_1 | 35.21% <ø> (ø) |
| Linux_2 | 55.12% <ø> (ø) |
| Linux_3 | 44.69% <100.00%> (+0.01%) ⬆️ |
| Linux_4 | 35.32% <ø> (ø) |
| Windows_1 | 35.23% <ø> (ø) |
| Windows_2 | 55.09% <ø> (ø) |
| Windows_3 | 44.72% <100.00%> (+0.04%) ⬆️ |
| Windows_4 | 35.32% <ø> (ø) |


@bandinib-amzn bandinib-amzn merged commit b338dc9 into 2.x Mar 9, 2024
86 of 87 checks passed
@github-actions github-actions bot deleted the backport/backport-5641-to-2.x branch March 9, 2024 00:14
Labels
autocut Skip the changelog verification check on backports v2.13.0