Bug: New AWS-WAF Rule Breaks EZID-Related Tests #1625
Comments
What is
I believe it's a callback link from the ezid site to the metacatui page that would display the dataset being referenced. Are you advocating eliminating it altogether, or just eliminating it in the test calls? (I already have a fix that substitutes a dummy hostname via mock Properties for the tests)
I'm not advocating anything yet, just trying to understand what it was used for, and why you could change it with impunity and still have tests pass.
Got it. Yeah - it's not part of the test, and its content is not validated by the ezid site as part of the POST (apart from the new filtering to exclude localhost references). I don't know if it's a required field or not - but the mock value works OK
Bug Fix: New AWS-WAF Rule Breaks EZID-Related Tests #1625
merged #1626
Many tests that communicate with the prod website at https://ezid.cdlib.org include a _target url in the POST request body. On 5/11/23, security was updated for the public site, and application of a new AWS-WAF Rule means that requests are denied with a 403 Unauthorized error if the body contains a url that includes localhost or 127.0.0.1. This is populated from the metacat.properties server.name value, which is typically set to localhost, thus causing the test failures.
Here is the new definition:
Instead of using the properties value, therefore, the tests should be changed to substitute a dummy hostname, without needing to affect all the other tests.
Epic #1608
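A pre-flight check for the tests, added here as an illustration in Python and not taken from the project's code or from the fix merged for this issue: it substitutes a dummy hostname when server.name is a loopback name and fails locally, naming the offending URL, instead of on a remote 403. The `_target: <url>` body layout, the `/metacatui/view/` path, the dummy hostname and all function names are assumptions.

```python
import re

# Strings the issue says cause the 403 when they occur in a URL in the body.
# The rule definition itself is not shown on the page, so this follows the
# issue's wording (URL "includes" the string) and may be stricter than the rule.
BLOCKED = ("localhost", "127.0.0.1")
DUMMY_HOST = "metacat-test.example.org"  # hypothetical stand-in hostname
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def loopback_urls(body):
    """Return the URLs in body that include localhost or 127.0.0.1."""
    return [u for u in URL_RE.findall(body)
            if any(b in u.lower() for b in BLOCKED)]


def target_host(server_name):
    """Use the configured server.name unless it is a loopback name."""
    name = server_name.strip()
    return DUMMY_HOST if any(b in name.lower() for b in BLOCKED) else name


def build_body(server_name, pid):
    """Constructed body; the '_target: <url>' layout and path are assumed."""
    return f"_target: https://{target_host(server_name)}/metacatui/view/{pid}\n"


def check_sendable(body):
    """Fail locally, with the offending URL, instead of on a remote 403."""
    bad = loopback_urls(body)
    if bad:
        raise ValueError(f"request body has loopback URL(s): {bad}")
    return body
```

Calling `check_sendable` on every outgoing body in the test helper turns a regression to the raw server.name value into an immediate, self-explanatory test failure.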