Send Upload Token via Header #439

MrJaeger · 2021-06-09T18:23:30Z

Purpose

Send the upload token via header, which is more secure than as a URL param.

Tests and Risks?

I updated tests to pass, but not sure there's a good way thus token is being set as a header :(

Update the SHA hash files

Done

thomasrockhu · 2021-06-09T18:31:18Z

Should be good after you fix tests, will review again before merging in

codecov · 2021-06-09T19:10:54Z

Codecov Report

Merging #439 (2c3ae19) into master (965008c) will increase coverage by 0.03%.
The diff coverage is 50.00%.

@@            Coverage Diff             @@
##           master     #439      +/-   ##
==========================================
+ Coverage   45.78%   45.82%   +0.03%     
==========================================
  Files          20       20              
  Lines        2859     2859              
==========================================
+ Hits         1309     1310       +1     
+ Misses       1550     1549       -1

Flag	Coverage Δ
test	`39.22% <0.00%> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
codecov	`67.64% <50.00%> (+0.06%)`	⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 965008c...2c3ae19. Read the comment docs.

* Fix go regex (#436) * Send Upload Token via Header (#439) * Send token via HTTP header vs. URL param * Revert testing change * Update script to use token in header * update SHASUM * maybe fix tests? * Undo accidental deletion * More test fixes * fix build Co-authored-by: Tom Hu <thomasrockhu@users.noreply.github.com> Co-authored-by: Andrew Jaeger <mrjaeger00@gmail.com>

* Releasing new version of the uploader (#445) * Fix go regex (#436) * Send Upload Token via Header (#439) * Send token via HTTP header vs. URL param * Revert testing change * Update script to use token in header * update SHASUM * maybe fix tests? * Undo accidental deletion * More test fixes * fix build Co-authored-by: Tom Hu <thomasrockhu@users.noreply.github.com> Co-authored-by: Andrew Jaeger <mrjaeger00@gmail.com> * Update to 1.0.4 Co-authored-by: Subhi Beidas <subhibeidas@gmail.com> Co-authored-by: Andrew Jaeger <mrjaeger00@gmail.com>

* Pull in `1.0.4` into `master` (#448) * Releasing new version of the uploader (#445) * Fix go regex (#436) * Send Upload Token via Header (#439) * Send token via HTTP header vs. URL param * Revert testing change * Update script to use token in header * update SHASUM * maybe fix tests? * Undo accidental deletion * More test fixes * fix build Co-authored-by: Tom Hu <thomasrockhu@users.noreply.github.com> Co-authored-by: Andrew Jaeger <mrjaeger00@gmail.com> * Update to 1.0.4 Co-authored-by: Subhi Beidas <subhibeidas@gmail.com> Co-authored-by: Andrew Jaeger <mrjaeger00@gmail.com> * 1.0.5 - Fix token uploads for self-hosted (#454) * fix: Prevent deploys if tag is not unique (#452) * docs: Add deprecation warning (#451) * fix: add query support for token (self-hosted) (#453) * fix: add query support for token (self-hosted) * fix: mask the token in output Co-authored-by: Tom Hu <thomasrockhu@users.noreply.github.com> * chore: bump version * chore: trigger new deploy with tag 1.0.5 * fail if release fails (#447) * fix: Do not set PR on closed GitHub PRs (#456) * fix: Update GitHub Actions server URL (#457) * fix: Update GitHub Actions server URL * fix: Update tests * patch: bump to 1.0.6 (#458) Co-authored-by: Subhi Beidas <subhibeidas@gmail.com> Co-authored-by: Andrew Jaeger <mrjaeger00@gmail.com> Co-authored-by: Joe Becher <71270647+drazisil-codecov@users.noreply.github.com> Co-authored-by: Joe Becher <joe@codecov.io> Co-authored-by: Matthew Berryman <matthew@acrossthecloud.net>

MrJaeger added 3 commits June 8, 2021 14:08

Send token via HTTP header vs. URL param

e40d846

Revert testing change

24a1163

Update script to use token in header

75b7047

MrJaeger requested a review from thomasrockhu June 9, 2021 18:23

update SHASUM

96473fc

thomasrockhu requested a review from a team June 9, 2021 18:31

MrJaeger added 4 commits June 9, 2021 14:59

maybe fix tests?

b68a54b

Undo accidental deletion

9e2cd1f

More test fixes

9c3c3d6

fix build

2c3ae19

thomasrockhu approved these changes Jun 9, 2021

View reviewed changes

MrJaeger merged commit c3ccd59 into master Jun 10, 2021

MrJaeger deleted the andrew__send-token-via-header branch June 10, 2021 16:23

MrJaeger mentioned this pull request Jun 10, 2021

chore: send upload token as header vs. url param codecov/uploader#132

Merged

drazisil-codecov mentioned this pull request Jul 15, 2021

fix: add query support for token (self-hosted) #453

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Send Upload Token via Header #439

Send Upload Token via Header #439

MrJaeger commented Jun 9, 2021

thomasrockhu commented Jun 9, 2021

codecov bot commented Jun 9, 2021 •

edited

Loading

Send Upload Token via Header #439

Send Upload Token via Header #439

Conversation

MrJaeger commented Jun 9, 2021

Purpose

Tests and Risks?

Update the SHA hash files

thomasrockhu commented Jun 9, 2021

codecov bot commented Jun 9, 2021 • edited Loading

Codecov Report

codecov bot commented Jun 9, 2021 •

edited

Loading