udplabs / zartan

Zartan is a master of make-up and disguise and so is this demo.
GNU General Public License v3.0
23 stars 23 forks

Bug s3 cdn iss481 #492

Open mdwallick opened 2 years ago

mdwallick commented 2 years ago

This branch removes references to the Zartan S3 CDN for the Okta sign-in widget and AuthJS library and replaces them with the Okta CDN URL. Additionally, the SIW and AuthJS versions are now configurable via environment variables. The default SIW and AuthJS versions are the latest available without any breaking changes (i.e. < 6.0.0).


Resolves #481

mdwallick commented 2 years ago

Related to the SonarCloud security hotspots, I could easily include hashes for the AuthJS and SIW JavaScript libraries coming from the CDN, but should I? We would need to account for hashes for different versions, should someone choose to use a different version, or make the hash values part of the config directly. That might not be a bad idea; have default versions and hashes in app_config.py, and let environment variables override them.
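
The option raised in the comment above (default version and hash in config, overridable by environment variables), sketched as an added example that is not code from the zartan repository. The CDN URL, the version string, the variable names `SIW_VERSION` and `SIW_INTEGRITY`, and the bundle bytes are constructed placeholders.

```python
import base64
import hashlib
import html

# Placeholder CDN template and constructed bundle bytes; not values from the zartan repo.
CDN_TEMPLATE = "https://cdn.example.invalid/okta-signin-widget/{version}/js/okta-sign-in.min.js"
SAMPLE_BUNDLE = b"/* constructed stand-in for the widget bundle */ var OktaSignIn = {};"


def sri_hash(content: bytes) -> str:
    """Return a Subresource Integrity value (sha384, base64) for the file bytes."""
    return "sha384-" + base64.b64encode(hashlib.sha384(content).digest()).decode("ascii")


DEFAULTS = {"version": "0.0.0-example", "integrity": sri_hash(SAMPLE_BUNDLE)}


def resolve_siw(env: dict) -> dict:
    """Pick version and hash from env, falling back to the pinned defaults.

    SIW_VERSION and SIW_INTEGRITY are hypothetical variable names. Overriding
    the version without also supplying its hash is rejected, because the
    default hash can never match a different file.
    """
    version = env.get("SIW_VERSION", DEFAULTS["version"])
    integrity = env.get("SIW_INTEGRITY")
    if integrity is None:
        if version != DEFAULTS["version"]:
            raise ValueError("SIW_VERSION overridden without SIW_INTEGRITY")
        integrity = DEFAULTS["integrity"]
    if not integrity.startswith(("sha256-", "sha384-", "sha512-")):
        raise ValueError("integrity must be a sha256/sha384/sha512 SRI value")
    return {"version": version, "integrity": integrity}


def script_tag(cfg: dict) -> str:
    """Render the script element; cross-origin SRI needs the crossorigin attribute."""
    src = CDN_TEMPLATE.format(version=cfg["version"])
    return '<script src="{}" integrity="{}" crossorigin="anonymous"></script>'.format(
        html.escape(src, quote=True), html.escape(cfg["integrity"], quote=True))


def matches(content: bytes, integrity: str) -> bool:
    """Check fetched bytes against a configured value, as a build-time test would."""
    algo, _, _ = integrity.partition("-")
    digest = base64.b64encode(hashlib.new(algo, content).digest()).decode("ascii")
    return integrity == algo + "-" + digest
```

Failing closed on a version override without a hash keeps a deployment from silently shipping a tag whose integrity value the browser would reject, or one with no integrity value at all.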

sonarcloud[bot] commented 2 years ago

SonarCloud Quality Gate failed.

Bug C 9 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot E 1 Security Hotspot
Code Smell A 518 Code Smells

No Coverage information
0.3% Duplication