Add config option to restrict asset downloads to logged-in users #6082
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #6082 +/- ##
=======================================
Coverage 98.98% 98.98%
=======================================
Files 396 396
Lines 39527 39548 +21
=======================================
+ Hits 39127 39148 +21
Misses 400 400 ☔ View full report in Codecov by Sentry. |
No, they cannot (except via NFS which is probably completely out of scope). The cache service is one of many open points I added on https://progress.opensuse.org/issues/174154. With Martchus@32e1b30 (which is referenced in the progress issue) this would likely work. |
Well, worker instances having direct access to the openQA base dir still work which includes cases like worker instances running on the same host as the webUI – which can even be considered the default for tiny instances – as well as when having access over NFS. How about you state that in the explanatory comment in openqa.ini. Then I guess we can merge this limited-scope feature |
* Disallow unauthenticated access to assets in web application routes * Does NOT cover access served via Apache/NGINX * Does NOT cover adjusting the cache service and additional tooling like the `openqa-clone-job` script * See https://progress.opensuse.org/issues/170380
Martchus
force-pushed
the
asset-auth-webapp-only
branch
from
9296833 to
4c8ed39
Compare
openqa-clone-jobscript