Open mdwallick opened 2 years ago
Related to the SonarCloud security hotspots, I could easily include hashes for the AuthJS and SIW JavaScript libraries coming from the CDN, but should I? We would need to account for hashes for different versions, should someone choose to use a different version, or make the hash values part of the config directly. That might not be a bad idea; have default versions and hashes in app_config.py, and let environment variables override them.
SonarCloud Quality Gate failed.
9 Bugs
0 Vulnerabilities
1 Security Hotspot
518 Code Smells
No Coverage information
0.3% Duplication
This branch removes references to the Zartan S3 CDN for the Okta sign-in widget and AuthJS library and replaces them with the Okta CDN URL. Additionally, the SIW and AuthJS versions are now configurable via environment variables. The default SIW and AuthJS versions are the latest available without any breaking changes (i.e. < 6.0.0).
Resolves #481
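One way the "default versions and hashes, overridable by environment variables" idea from the comment above could look, as an added example that is not code from this repository. The names `SIW_VERSION`, `SIW_INTEGRITY`, `resolve_siw` and `script_tag`, the placeholder version string and the sample script bytes are all assumptions made for illustration; the point is that overriding the version without supplying a matching hash fails closed instead of silently dropping the integrity check.

```python
import base64
import hashlib
import html

# Constructed sample bytes standing in for a CDN-hosted script; not a real Okta file.
SAMPLE_JS = b"window.demoWidget = function () { return 'ok'; };\n"


def sri_hash(content: bytes) -> str:
    """Return a Subresource Integrity value (sha384, base64) for the file bytes."""
    digest = hashlib.sha384(content).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


# Hypothetical defaults: version -> integrity value. The version is a placeholder.
DEFAULT_SIW_VERSION = "0.0.0-example"
DEFAULT_SIW_HASHES = {DEFAULT_SIW_VERSION: sri_hash(SAMPLE_JS)}


def resolve_siw(env: dict) -> tuple:
    """Pick version and hash; an overridden version must bring its own hash."""
    version = env.get("SIW_VERSION", DEFAULT_SIW_VERSION)
    integrity = env.get("SIW_INTEGRITY") or DEFAULT_SIW_HASHES.get(version)
    if integrity is None:
        # Fail closed: never render the tag without an integrity attribute.
        raise ValueError(f"no integrity hash configured for SIW version {version!r}")
    if not integrity.startswith(("sha256-", "sha384-", "sha512-")):
        raise ValueError("integrity must be an SRI value such as 'sha384-...'")
    return version, integrity


def script_tag(url_template: str, env: dict) -> str:
    """Render a <script> tag carrying integrity and crossorigin attributes."""
    version, integrity = resolve_siw(env)
    src = html.escape(url_template.format(version=version), quote=True)
    return (f'<script src="{src}" integrity="{html.escape(integrity, quote=True)}" '
            f'crossorigin="anonymous"></script>')
```

In an application, `env` would be `os.environ`, and each default hash would be computed once from the exact file served for that version.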