(tooling-trusted-releases) branch main updated: Fix refresh button and remove CSP change. Try to convert ID to int.

arm Wed, 14 Jan 2026 03:55:22 -0800

This is an automated email from the ASF dual-hosted git repository.

arm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git



The following commit(s) were added to refs/heads/main by this push:
     new cee9968  Fix refresh button and remove CSP change. Try to convert ID 
to int.
cee9968 is described below

commit cee9968dfe9455bce226dae0482ad8d345ec1924
Author: Alastair McFarlane <[email protected]>
AuthorDate: Wed Jan 14 10:36:47 2026 +0000

    Fix refresh button and remove CSP change. Try to convert ID to int.
---
 atr/db/interaction.py | 2 +-
 atr/get/finish.py     | 8 ++++++--
 atr/server.py         | 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/atr/db/interaction.py b/atr/db/interaction.py
index bc27ef4..f951eef 100644
--- a/atr/db/interaction.py
+++ b/atr/db/interaction.py
@@ -483,7 +483,7 @@ async def validate_trusted_jwt(publisher: str, jwt: str) -> 
tuple[dict[str, Any]
     if publisher != "github":
         raise InteractionError(f"Publisher {publisher} not supported")
     payload = await jwtoken.verify_github_oidc(jwt)
-    if payload["actor_id"] != _GITHUB_TRUSTED_ROLE_NID:
+    if int(payload["actor_id"]) != _GITHUB_TRUSTED_ROLE_NID:
         asf_uid = await ldap.github_to_apache(payload["actor_id"])
     else:
         asf_uid = None
diff --git a/atr/get/finish.py b/atr/get/finish.py
index 1438fd3..7671086 100644
--- a/atr/get/finish.py
+++ b/atr/get/finish.py
@@ -247,9 +247,13 @@ def _render_distribution_tasks(release: sql.Release, 
tasks: Sequence[sql.Task])
                 htm.h3["In-progress distributions"],
                 htm.p["One or more automatic distributions are still 
in-progress:"],
                 *[_render_task(f) for f in in_progress_tasks],
-                htm.button(
+                htm.a(
                     ".btn.btn-success.me-2",
-                    {"onclick": "window.location.reload()"},
+                    href=util.as_url(
+                        selected,
+                        project_name=release.project.name,
+                        version_name=release.version,
+                    ),
                 )["Refresh"],
             ]
         )
diff --git a/atr/server.py b/atr/server.py
index 6149ee4..71fe523 100644
--- a/atr/server.py
+++ b/atr/server.py
@@ -338,7 +338,7 @@ def _app_setup_security_headers(app: base.QuartApp) -> None:
     # The script hash allows window.location.reload() and nothing else
     csp_directives = [
         "default-src 'self'",
-        "script-src 'self' 
'sha256-4TpZ3Tx5SLybDXPQaSHGuP1RU4D+pzck+02JLVY61BY=' 'unsafe-hashes'",
+        "script-src 'self'",
         "style-src 'self' 'unsafe-inline'",
         "img-src 'self' https://apache.org https://incubator.apache.org 
https://www.apache.org data:",
         "font-src 'self'",


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

(tooling-trusted-releases) branch main updated: Fix refresh button and remove CSP change. Try to convert ID to int.

Reply via email to