fix: Restrict getAuthInfo Action to trusted Adobe Origins #366

Merged
merged 3 commits into from
Nov 19, 2024


andreituicu
Collaborator

Description

Restrict the origins for which the getAuthInfo external action will return meaningful information.
For the moment, it is just: labs.aem.live, tools.aem.live, aem.live, their edge delivery origin patterns and the development localhost.

Related Issue

Related to: #259

Motivation and Context

How Has This Been Tested?

Unit tests + installing the extension in the browser and testing with:

  • A random AEM website, that's not trusted.
  • Helix Labs
  • localhost

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • I have signed the Adobe Open Source CLA.
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
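An origin allowlist of the kind this description outlines, as an added example (not the code from this PR or from src/extension/actions.js). The three host names and localhost come from the description; the edge delivery pattern, the `example-repo`/`example-owner` names, the empty response for untrusted senders and the `loadAuthInfo` callback are assumptions made for illustration.

```javascript
// Added example: gate an external "getAuthInfo" request on the sender's origin.
const TRUSTED_HOSTS = new Set(['labs.aem.live', 'tools.aem.live', 'aem.live']);

// Assumed edge delivery shape: <ref>--<repo>--<owner>.aem.(live|page).
// Anchored at both ends so "aem.live.attacker.example" cannot match.
const TRUSTED_HOST_PATTERNS = [
  /^[a-z0-9-]+--example-repo--example-owner\.aem\.(live|page)$/,
];

function isTrustedOrigin(senderUrl) {
  let url;
  try {
    url = new URL(senderUrl);
  } catch {
    return false; // a missing or unparsable sender URL is never trusted
  }
  // URL parsing lowercases the host and separates userinfo, so
  // "https://aem.live@attacker.example/" yields hostname "attacker.example".
  const host = url.hostname;
  // Development: plain http is accepted only for localhost (any port, assumed).
  if (url.protocol === 'http:' && host === 'localhost') return true;
  if (url.protocol !== 'https:' || url.port !== '') return false;
  // Exact match, not endsWith(): "evil-aem.live" must not pass.
  if (TRUSTED_HOSTS.has(host)) return true;
  return TRUSTED_HOST_PATTERNS.some((re) => re.test(host));
}

// Hypothetical handler: untrusted senders get an empty, non-informative reply.
function respondToExternal(message, sender, loadAuthInfo) {
  if (!message || message.action !== 'getAuthInfo') return undefined;
  if (!isTrustedOrigin(sender && sender.url)) return [];
  return loadAuthInfo();
}
```

Matching on the parsed hostname rather than on the raw URL string is what keeps look-alike hosts and userinfo tricks out of the allowlist.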

@andreituicu
Collaborator Author

The failing tests seem unrelated to the change 🤔

 Onboarding modal > uses theme from appStore
      TypeError: Cannot read properties of undefined (reading 'className')

Locally for me they all pass:

 39/39 test files | 530 passed, 0 failed, 1 skipped

Code coverage: 99.37 %

@andreituicu andreituicu requested review from rofe and dylandepass and removed request for rofe November 18, 2024 15:09

codecov bot commented Nov 18, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.95%. Comparing base (7b23686) to head (c1ca6c9).

Additional details and impacted files
@@                Coverage Diff                @@
##           release-20241119     #366   +/-   ##
=================================================
  Coverage             99.95%   99.95%           
=================================================
  Files                    54       54           
  Lines                  2172     2182   +10     
=================================================
+ Hits                   2171     2181   +10     
  Misses                    1        1           


Contributor

@rofe rofe left a comment


Nice work!

src/extension/actions.js (outdated, resolved)
src/extension/actions.js (outdated, resolved)
@rofe rofe changed the base branch from main to release-20241119 November 19, 2024 14:38
@rofe rofe merged commit 0cc413f into release-20241119 Nov 19, 2024
6 checks passed
@rofe rofe deleted the restrict-getauthinfo branch November 19, 2024 14:41
rofe pushed a commit that referenced this pull request Nov 19, 2024
## [7.1.2](v7.1.1...v7.1.2) (2024-11-19)

### Bug Fixes

* Restrict getAuthInfo Action to trusted Adobe Origins ([#366](#366)) ([0cc413f](0cc413f))
* show accurate activity message for config files ([#367](#367)) ([ace87bd](ace87bd))
@trieloff

🎉 This PR is included in version 7.1.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

4 participants