Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix issues regarding CORSMiddleware #263

Merged
merged 1 commit into from
Mar 29, 2021
Merged

Fix issues regarding CORSMiddleware #263

merged 1 commit into from
Mar 29, 2021

Conversation

fberanizo
Copy link
Member

Our devs have reported that CORS seems not to be working after
the migration to FastAPI.
We find out lots of message at GitHub confirming these issues:
fastapi/fastapi#1663

This fix creates a route that handles "OPTIONS" requests and
returns the CORS headers:
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: Authorization, Content-Type

All references to CORSMiddleware were removed.

@github-actions
Copy link

Dicas para revisão de código

Commits

  • Título (1a linha do commit): apresentar resumo do que foi alterado/adicionado/removido.
    ex: adiciona action que salva parametros no backend; exibe rótulo no componente de selecao de dataset;
  • Descrição (outras linhas): dar mais detalhes de cada alteração:
    • motivos das alterações
      ex: havia um bug que causava...; nova funcionalidade que faz isso...; código foi movido para...;
    • bibliotecas adicionadas e versões (requirements.txt)
      ex: atualiza para SQLAlchemy 1.3.20;
    • testes unitários criados/alterados
      ex: adiciona testes para a API PATCH /projects/{projectId}/experiments/{experimentId};
    • alterações do swagger.yaml
      ex: adiciona documentação para GET /projects/{projectId}
  • Mensagens auto-explicativas! Quem revisa o código deve entender o que foi feito (e porque foi feito) sem perguntar para quem fez o commit.
  • Não devem ter conflitos. Solicitar que sejam resolvidas as ocorrências de "This branch has conflicts that must be resolved".

SonarCloud Quality Gate

  • Coverage > 80.0%, e sempre que possível = 100%
  • 0 Bugs, 0 Code Smells, 0 Vulnerabilities
  • São permitidos os seguintes Security Hotspots:
    • Make sure this permissive CORS policy is safe here.
    • Make sure publicly writable directories are used safely here.
    • Using http protocol is insecure. Use https instead.
    • Make sure disabling CSRF protection is safe here.

Build Github actions COM SUCESSO

Python

  • Usar Python>=3.7
  • Remover print.
  • Não deixar código-fonte comentado.
  • f-string f'text-{variable}' é melhor que 'text-{}'.format(variable) e 'text-' + variable
  • Métodos que são chamados de outros arquivos .py DEVEM TER Docstring.
  • Usar NumPy Style Python Docstring: https://www.sphinx-doc.org/en/master/usage/extensions/example_numpy.html
  • Usar sempre import absoluto.
    ex: from projects.database import Base (BOM), from .database import Base (RUIM)

Padrão de URLs para API REST

  • Usar REST resource naming guide: https://restfulapi.net/resource-naming/
  • USE SUBSTANTIVOS! NÃO USE VERBOS NA URL!
    ex: /projects/:projectId/executions (BOM), /project/execute (RUIM)
  • SUBSTANTIVOS SEMPRE NO PLURAL!
    ex: /deployments/:deploymentId (BOM), /deployment/:deploymentId (RUIM)
  • SUBSTANTIVOS SÃO SEMPRE SEPARADOS POR UM ID. NÃO USE DOIS SUBSTANTIVOS SEGUIDOS
    ex: /experiments/:experimentId/results (BOM), /experiments/results/:experimentId (RUIM)
  • Para consultar uma lista de resources (paginada ou não):
    ex: GET /resources?page=1&size=10&filter=...
  • Para criar um resource (e gerar um resourceId aleatório):
    ex: POST /resources
  • Para acessar um resource por resourceId:
    ex: GET /resources/{resourceId}
  • Para substituir/criar (ou atualizar TODOS OS CAMPOS) de um resource com resourceId específico:
    ex: PUT /resources/{resourceId}
  • Para excluir um resource:
    ex: DELETE /resources/{resourceId}
  • Para atualizar alguns campos de um resource:
    ex: PATCH /resources/{resourceId}
  • Em dúvidas? Mantenha uma consistência com as URLs já existem.

@fberanizo
Fix issues regarding CORSMiddleware
1796090 
Our devs have reported that CORS seems not to be working after
the migration to FastAPI.
We find out lots of message at GitHub confirming these issues:
fastapi/fastapi#1663

This fix creates a route that handles "OPTIONS" requests and
returns the CORS headers:
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: Authorization, Content-Type

All references to CORSMiddleware were removed.
@sonarqubecloud
Copy link

SonarCloud Quality Gate failed.

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

0.0% 0.0% Coverage
0.0% 0.0% Duplication

@fberanizo fberanizo marked this pull request as ready for review March 29, 2021 17:29
miguelfferraz
miguelfferraz approved these changes Mar 29, 2021
View reviewed changes
Copy link
Contributor

@miguelfferraz miguelfferraz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@fberanizo fberanizo merged commit dc2765d into master Mar 29, 2021
@fberanizo fberanizo deleted the fix/cors-fast-api branch March 29, 2021 20:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@miguelfferraz miguelfferraz miguelfferraz approved these changes

@dnlcesilva dnlcesilva Awaiting requested review from dnlcesilva

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fberanizo @miguelfferraz