RemoteUser: Hide from Swagger #9961

Merged
merged 1 commit into from
May 2, 2024

@kiblik (Contributor) commented Apr 18, 2024

RemoteUser is usually used behind an AuthN proxy, and users should not know about this mechanism from Swagger because it is not usable by users.
It should be hidden by default.

@github-actions bot added the settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR) and unittests labels Apr 18, 2024

dryrunsecurity bot commented Apr 18, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
AppSec Analyzer (beta) 0 findings
Secrets Analyzer 0 findings
Authn/Authz Analyzer 3 findings
Configured Codepaths Analyzer 0 findings
Sensitive Files Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.


@kiblik changed the title from "Remote user header for swagger" to "RemoteUser: Hide from Swagger" Apr 18, 2024

@mtesauro (Contributor) left a comment

Approved

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@kiblik force-pushed the remote_user_header_for_swagger branch from b85ae43 to eae3221 April 22, 2024 17:00
Conflicts have been resolved. A maintainer will review the pull request shortly.

@cneill merged commit 823f3ed into DefectDojo:dev May 2, 2024
123 checks passed
@kiblik deleted the remote_user_header_for_swagger branch May 2, 2024 17:34
dogboat pushed a commit to dogboat/django-DefectDojo that referenced this pull request May 6, 2024