refactor: Removed hard-coding of h2 console path and used H2ConsoleProperties i… #1306
Conversation
Generated by 🚫 Danger |
mscibilia
force-pushed
the
gh1269_Reduce-h2-console-path-hard-coding
branch
2 times, most recently
from
f8da737 to
d9608d3
Compare
src/main/java/ru/mystamps/web/support/spring/boot/ApplicationBootstrap.java
Outdated
Show resolved
Hide resolved
src/main/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriter.java
Outdated
Show resolved
Hide resolved
...test/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriterTest.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Thank you for the PR! I'd like to accept your contribution after we deal with small issues (see my comments).
Also, could you amend the commit message and start it with "refactor:" prefix (like PR's title). We have a bot that should control this but it seems like bot didn't recognize this :-(
Thank you again!
mscibilia
force-pushed
the
gh1269_Reduce-h2-console-path-hard-coding
branch
from
d9608d3 to
ca97184
Compare
Hi @php-coder , |
There was a problem hiding this comment.
Thanks again!
LGTM with 2 small improvements (I'm sorry for being so pedantic):
- split variables (see another comment)
- append "Fix Reduce H2 console path hard-coding #1269" to the commit message (to make PR to close related issue after merge).
Thank you! 👍
...test/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriterTest.java
Outdated
Show resolved
Hide resolved
mscibilia
force-pushed
the
gh1269_Reduce-h2-console-path-hard-coding
branch
from
ca97184 to
35f9f5f
Compare
|
@mscibilia Github didn't recognize this keyword. I suppose because it should be on a separate line: Could you modify it one more time, please? Also, I sent you invite to join as a collaborator. If you accept it, I'll be able to assign the issue to you. |
|
P.S. @mscibilia I see that the commit has "Scibs" as an author name. If you want to modify it, you can do that with |
mscibilia
force-pushed
the
gh1269_Reduce-h2-console-path-hard-coding
branch
from
35f9f5f to
4893ef9
Compare
|
I don't see a report from Travis CI on GitHub, but it seems like there some failures: https://travis-ci.org/github/php-coder/mystamps/builds/668788917 I'm looking on it right now. |
| @@ -72,6 +73,9 @@ | |||
| @Autowired | |||
| private SiteService siteService; | |||
|
|
|||
| @Autowired | |||
| private H2ConsoleProperties h2ConsoleProperties; | |||
There was a problem hiding this comment.
The integration tests fail with error:
Field h2ConsoleProperties in ru.mystamps.web.support.spring.security.SecurityConfig required a bean of type 'org.springframework.boot.autoconfigure.h2.H2ConsoleProperties' that could not be found.
The injection point has the following annotations:
- @org.springframework.beans.factory.annotation.Autowired(required=true)
They fail only on "travis" and "postgres" profiles. It happens because we use H2 only in "test" profile and it's disabled on others (including production where we use MySQL, for example).
There was a problem hiding this comment.
We need to mark this as required=true and handle null case later.
| @@ -141,7 +145,7 @@ protected void configure(HttpSecurity http) throws Exception { | |||
| // Allow unsecured requests to H2 consoles. | |||
| // See also spring.h2.console.path in application-test.properties and | |||
| // ContentSecurityPolicyHeaderWriter.H2_CONSOLE_PATTERN | |||
There was a problem hiding this comment.
This comment should be updated as well, by the way.
| @@ -141,7 +145,7 @@ protected void configure(HttpSecurity http) throws Exception { | |||
| // Allow unsecured requests to H2 consoles. | |||
| // See also spring.h2.console.path in application-test.properties and | |||
| // ContentSecurityPolicyHeaderWriter.H2_CONSOLE_PATTERN | |||
| .ignoringAntMatchers("/console/**", SiteUrl.CSP_REPORTS_HANDLER) | |||
| .ignoringAntMatchers(h2ConsoleProperties.getPath() + "/**", SiteUrl.CSP_REPORTS_HANDLER) | |||
There was a problem hiding this comment.
Let's re-use h2ConsolePath local variable that has been introduced earlier.
mscibilia
force-pushed
the
gh1269_Reduce-h2-console-path-hard-coding
branch
from
4893ef9 to
1038ad4
Compare
Please re-review |
| http.csrf() | ||
| // Allow unsecured requests to H2 consoles. | ||
| // See also spring.h2.console.path in application-test.properties | ||
| .ignoringAntMatchers(h2ConsolePath + "/**", SiteUrl.CSP_REPORTS_HANDLER); |
There was a problem hiding this comment.
I'd love to merge this is but I can't because this change introduces regression that fortunately was caught by our integration tests:
FAIL: Robotframework.Site.Csp.Report-Logic.CSP report should be accepted
Status code was not as expected. Expected 204, but got 405
Here we ignores 2 URLS -- one for H2 and another one for CSP reports. The first one should be ignored only when we have H2 while another one should be ignored always.
Let's leave it as it was before -- ignore h2 always and just add // FIXME comment that we should ignore H2 only when it's available.
There was a problem hiding this comment.
Hi @php-coder,
I've pushed a solution, let me know what you think :)
There was a problem hiding this comment.
Looks great! 👍 I had the same idea :)
mscibilia
force-pushed
the
gh1269_Reduce-h2-console-path-hard-coding
branch
from
1038ad4 to
1d813a0
Compare
|
P.S. The build log is available there: https://travis-ci.org/github/php-coder/mystamps/jobs/669211574 |
…operties instead Fix php-coder#1269
mscibilia
force-pushed
the
gh1269_Reduce-h2-console-path-hard-coding
branch
from
1d813a0 to
13657e0
Compare
|
Hooray! It's green now: https://travis-ci.org/github/php-coder/mystamps/builds/669225988 |
|
@mscibilia Thank you, Matthew! I've merged your change and added you to our list of contributors -- https://github.com/php-coder/mystamps/wiki/team-members Let me know if you want to work on something else. For example, #1307 is a follow-up issue that looks like a low-hanging fruit ;) |
…nstead.
Addressed to #1269