access_application: prevent bad CORS config with allowing all origins and credentials #1073

Merged
merged 1 commit into from
May 21, 2021

@jacobbednarz jacobbednarz commented May 21, 2021

Updates the Access Application resource to better protect against
scenarios where people unknowingly violate a CORS restriction where you
cannot allow all origins and use credentials.

The service prevents this; however, the Terraform resource did not,
resulting in bad state if you ever attempted this.

Fixes #1059

… and credentials

Updates the Access Application resource to better protect against
scenarios where people unknowingly violate a CORS restriction where you
cannot allow all origins and use credentials[1].

The service prevents this; however, the Terraform resource did not,
resulting in bad state if you ever attempted this.

Fixes #1059

[1]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials

jacobbednarz commented May 21, 2021

TESTARGS='-run "^TestAccCloudflareAccessApplication"' make testacc
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./...) -v -run "^TestAccCloudflareAccessApplication" -timeout 120m -parallel 1
?   	github.com/cloudflare/terraform-provider-cloudflare	[no test files]
=== RUN   TestAccCloudflareAccessApplicationBasic
--- PASS: TestAccCloudflareAccessApplicationBasic (12.44s)
=== RUN   TestAccCloudflareAccessApplicationWithCORS
--- PASS: TestAccCloudflareAccessApplicationWithCORS (5.95s)
=== RUN   TestAccCloudflareAccessApplicationWithAutoRedirectToIdentity
--- PASS: TestAccCloudflareAccessApplicationWithAutoRedirectToIdentity (6.13s)
=== RUN   TestAccCloudflareAccessApplicationWithEnableBindingCookie
--- PASS: TestAccCloudflareAccessApplicationWithEnableBindingCookie (5.96s)
=== RUN   TestAccCloudflareAccessApplicationWithCustomDenyFields
--- PASS: TestAccCloudflareAccessApplicationWithCustomDenyFields (6.35s)
=== RUN   TestAccCloudflareAccessApplicationWithADefinedIdps
--- PASS: TestAccCloudflareAccessApplicationWithADefinedIdps (9.03s)
=== RUN   TestAccCloudflareAccessApplicationWithZoneID
--- PASS: TestAccCloudflareAccessApplicationWithZoneID (11.24s)
=== RUN   TestAccCloudflareAccessApplicationWithMissingCORSMethods
--- PASS: TestAccCloudflareAccessApplicationWithMissingCORSMethods (0.07s)
=== RUN   TestAccCloudflareAccessApplicationWithMissingCORSOrigins
--- PASS: TestAccCloudflareAccessApplicationWithMissingCORSOrigins (0.05s)
=== RUN   TestAccCloudflareAccessApplicationWithInvalidSessionDuration
--- PASS: TestAccCloudflareAccessApplicationWithInvalidSessionDuration (0.02s)
=== RUN   TestAccCloudflareAccessApplicationMisconfiguredCORSCredentialsAllowingAllOrigins
--- PASS: TestAccCloudflareAccessApplicationMisconfiguredCORSCredentialsAllowingAllOrigins (0.05s)
=== RUN   TestAccCloudflareAccessApplicationMisconfiguredCORSCredentialsAllowingWildcardOrigins
--- PASS: TestAccCloudflareAccessApplicationMisconfiguredCORSCredentialsAllowingWildcardOrigins (0.05s)
PASS
ok  	github.com/cloudflare/terraform-provider-cloudflare/cloudflare	57.714s
?   	github.com/cloudflare/terraform-provider-cloudflare/version	[no test files]

@jacobbednarz jacobbednarz merged commit 51c21a2 into master May 21, 2021
@jacobbednarz jacobbednarz deleted the dont-allow-cors-wildcard-and-credentials branch May 21, 2021 05:04
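
The kind of plan-time check this pull request describes, covering the four failure cases named in the test run above (missing methods, missing origins, credentials with all origins, credentials with a wildcard origin). This is an added example, not the provider's code: the `CORSHeaders` struct, its field names, `ValidateCORS` and the error values are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// CORSHeaders is a hypothetical stand-in for an Access Application's CORS
// settings; the field names are assumptions made for this example.
type CORSHeaders struct {
	AllowedMethods, AllowedOrigins   []string
	AllowAllMethods, AllowAllOrigins bool
	AllowCredentials                 bool
}

var (
	ErrMissingMethods  = errors.New("no CORS methods configured")
	ErrMissingOrigins  = errors.New("no CORS origins configured")
	ErrCredsAllOrigins = errors.New("credentials cannot be combined with allowing all origins")
	ErrCredsWildcard   = errors.New(`credentials cannot be combined with a "*" origin`)
)

// ValidateCORS rejects, before any API call is made, combinations that would
// otherwise only fail at the service and leave bad state behind.
func ValidateCORS(c CORSHeaders) error {
	if !c.AllowAllMethods && len(c.AllowedMethods) == 0 {
		return ErrMissingMethods
	}
	if !c.AllowAllOrigins && len(c.AllowedOrigins) == 0 {
		return ErrMissingOrigins
	}
	if !c.AllowCredentials {
		return nil // a wildcard origin is acceptable for uncredentialed requests
	}
	if c.AllowAllOrigins {
		return ErrCredsAllOrigins
	}
	for _, o := range c.AllowedOrigins {
		if strings.TrimSpace(o) == "*" { // explicit wildcard in the origin list
			return ErrCredsWildcard
		}
	}
	return nil
}

func main() {
	// Constructed input: one explicit origin plus a wildcard, with credentials.
	bad := CORSHeaders{AllowAllMethods: true, AllowedOrigins: []string{"https://app.example.com", "*"}, AllowCredentials: true}
	fmt.Println(ValidateCORS(bad))
}
```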
Successfully merging this pull request may close these issues.

nil pointer dereference triggered by cors_header setting