mistercrunch commented on a change in pull request #3970: Enable request
filtering by cert common name
URL:
https://github.com/apache/incubator-superset/pull/3970#discussion_r154448696
##########
File path: superset/__init__.py
##########
@@ -160,4 +162,16 @@ def index(self):
module_datasource_map.update(app.config.get('ADDITIONAL_MODULE_DS_MAP'))
ConnectorRegistry.register_sources(module_datasource_map)
+allowed_certs = conf.get('ALLOWED_CERT_COMMON_NAMES')
+if allowed_certs:
+ @app.before_request
+ def is_valid_request():
+ cert = request.headers.get('X-CLIENT-SSL-CERT')
Review comment:
Is this something specific to `internal_auth` or a certain flavor of
proxies? Google "X-CLIENT-SSL-CERT" doesn't give out much result so that
doesn't seem like a standard.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
