You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There is not loads of changed code in this PR, but there's a couple of things going on in here which are kind of linked and kind of not.
One is a bit of cleanup. The request --> got work left us with this slightly clunky thing where got.js exports a fetchFactory which takes fetchLimitBytes and returns a function. That allows us to inject fetchLimitBytes from config in the server but then sometimes it is useful to construct it outside the context of the server object.
We've also had this long-standing issue Send better user-agent values #6268 which I had a look at before and was also a bit clunky/fiddly for the same reason.
I did have a look at completely decoupling config parsing from the server, but what I realised was that because we can set some of the args at runtime (see
) this didn't seem like the right approach as the whole config object doesn't depend exclusively on the yml/env vars and we'd have to double validate the config at server start time.
The approach I settled on was making a subset of config available outside the context of the server object, which seemed like the right tradeoff.
The other bit of this is adding a feature. Basically before this PR, every instance of shields (our own, self-hosted, dev copies) sends the exact same user agent value (Shields.io/2003a, for..reasons).
As of this PR:
The default user agent is shields (self-hosted)/dev
We (or users who self-host their own instance) can override the base value (the part before the slash)
If either HEROKU_SLUG_COMMIT (we have this set in production) or DOCKER_SHIELDS_VERSION (this PR adds it to the image) are set, that will be used for the second part of the UA string (after the slash)
If neither of those vars are set it will be /dev
This should mean in most cases the userAgent string will be reasonably meaningful.
- add userAgentBase setting
- send short SHA in user agent on heroku
- set a version (tag or short SHA) in Dockefile and use
it to report server version in UA for docker users
The reason will be displayed to describe this comment to others. Learn more.
I'm good with the changes, both code and strategic, and approving accordingly so you can move forward if you'd like. One minor inline item that could be ignored or handled in a follow up, but happy to re-:+1: if you decide to make any other changes
I've set the env var, deployed and confirmed it is working in production by using the endpoint badge to make a request to an endpoint where I can see the header.
Hopefully this is all fine and I think it is a good change, but there is this slight worry at the back of my mind that somewhere out there in the world is a rate limit or deny list with a specific exception for Shields.io/2003a hard-coded which is going to break something now that we're sending a different suffix each time. We will have to see..
but there is this slight worry at the back of my mind that somewhere out there in the world is a rate limit or deny list with a specific exception for Shields.io/2003a hard-coded which is going to break something now that we're sending a different suffix each time
This was in the back of my mind as well, though I actually think this change is perhaps the best way forward to surface any potential issues. I don't think we can (or should) perpetually pin a user agent, and it feels like changing it as we've done here may be the only way for us to truly discover any such cases, which will then allow us to figure out next steps
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Refs #4655
Closes #6268
There is not loads of changed code in this PR, but there's a couple of things going on in here which are kind of linked and kind of not.
got.jsexports afetchFactorywhich takesfetchLimitBytesand returns a function. That allows us to injectfetchLimitBytesfrom config in the server but then sometimes it is useful to construct it outside the context of the server object.I did have a look at completely decoupling config parsing from the server, but what I realised was that because we can set some of the args at runtime (see
shields/server.js
Lines 28 to 33 in 95a439a
The approach I settled on was making a subset of config available outside the context of the server object, which seemed like the right tradeoff.
The other bit of this is adding a feature. Basically before this PR, every instance of shields (our own, self-hosted, dev copies) sends the exact same user agent value (
Shields.io/2003a, for..reasons).As of this PR:
shields (self-hosted)/devHEROKU_SLUG_COMMIT(we have this set in production) orDOCKER_SHIELDS_VERSION(this PR adds it to the image) are set, that will be used for the second part of the UA string (after the slash)/devThis should mean in most cases the userAgent string will be reasonably meaningful.