misc: introduce setting to disable https checks for given hostnames (#81541)
gitea/passerelle/pipeline/head This commit looks good
Details
gitea/passerelle/pipeline/head This commit looks good
Details
This commit is contained in:
parent
441ac49c58
commit
7a671f7e74
|
@ -280,6 +280,9 @@ CONNECTORS_SETTINGS = {}
|
|||
# List of authorized content-types, as regular expressions, for substitutions
|
||||
REQUESTS_SUBSTITUTIONS_CONTENT_TYPES = [r'text/.*', r'application/(.*\+)?json', r'application/(.*\+)?xml']
|
||||
|
||||
# List of hosntames where certificate errors should be ignored
|
||||
REQUESTS_IGNORE_HTTPS_CERTIFICATE_ERRORS = []
|
||||
|
||||
# Passerelle can receive big requests (for example base64 encoded files)
|
||||
DATA_UPLOAD_MAX_MEMORY_SIZE = 100 * 1024 * 1024
|
||||
|
||||
|
|
|
@ -366,11 +366,10 @@ class Request(RequestSession):
|
|||
|
||||
# search in legacy urls
|
||||
legacy_urls_mapping = getattr(settings, 'LEGACY_URLS_MAPPING', None)
|
||||
if legacy_urls_mapping:
|
||||
splitted_url = urllib.parse.urlparse(url)
|
||||
hostname = splitted_url.netloc
|
||||
if hostname in legacy_urls_mapping:
|
||||
url = splitted_url._replace(netloc=legacy_urls_mapping[hostname]).geturl()
|
||||
splitted_url = urllib.parse.urlparse(url)
|
||||
hostname = splitted_url.netloc
|
||||
if legacy_urls_mapping and hostname in legacy_urls_mapping:
|
||||
url = splitted_url._replace(netloc=legacy_urls_mapping[hostname]).geturl()
|
||||
|
||||
if self.resource:
|
||||
if 'auth' not in kwargs:
|
||||
|
@ -394,6 +393,9 @@ class Request(RequestSession):
|
|||
if proxy:
|
||||
kwargs['proxies'] = {'http': proxy, 'https': proxy}
|
||||
|
||||
if hostname in settings.REQUESTS_IGNORE_HTTPS_CERTIFICATE_ERRORS:
|
||||
kwargs['verify'] = False
|
||||
|
||||
if method == 'GET' and cache_duration:
|
||||
cache_key = hashlib.md5(force_bytes('%r;%r' % (url, kwargs))).hexdigest()
|
||||
cache_content = cache.get(cache_key)
|
||||
|
|
|
@ -325,6 +325,14 @@ def test_resource_certificates(mocked_get, caplog, endpoint_response):
|
|||
assert mocked_get.call_args[1].get('verify') is True
|
||||
assert 'cert' not in mocked_get.call_args[1]
|
||||
|
||||
with override_settings(REQUESTS_IGNORE_HTTPS_CERTIFICATE_ERRORS=['example.com']):
|
||||
request.get('http://example.net/whatever')
|
||||
assert mocked_get.call_args[1].get('verify') is True
|
||||
|
||||
with override_settings(REQUESTS_IGNORE_HTTPS_CERTIFICATE_ERRORS=['example.net']):
|
||||
request.get('http://example.net/whatever')
|
||||
assert mocked_get.call_args[1].get('verify') is False
|
||||
|
||||
resource.verify_cert = False
|
||||
request.get('http://example.net/whatever')
|
||||
assert mocked_get.call_args[1].get('verify') is False
|
||||
|
|
Loading…
Reference in New Issue