Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wildcard CORS Origin Cannot be Passed in via Environment Variable #4292

Open
RobertKeyser opened this issue Oct 17, 2023 · 0 comments
Open

Wildcard CORS Origin Cannot be Passed in via Environment Variable #4292

RobertKeyser opened this issue Oct 17, 2023 · 0 comments
Labels
bug Something isn't working

Comments

@RobertKeyser
Copy link
Contributor

Bug Description

Wildcard CORS origins have stopped working.

'*' is a valid CORS origin, representing any origin. While it is not a recommended CORS origin to use, we should continue support for it. #4073 made a change to the config where instead of treating the CORS origins as List[str], they are now treated as List[AnyUrl]. Because * is not a valid URL, a wildcard included in the config-provided CORS origins will yield the following error:

Traceback (most recent call last):
  File "/usr/local/bin/fidesplus", line 5, in <module>
    from fidesplus.main import main
  File "<frozen importlib._bootstrap>", line 1027, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 688, in _load_unlocked
  File "/usr/local/lib/python3.10/site-packages/ddtrace/internal/module.py", line 220, in _exec_module
    self.loader.exec_module(module)
  File "/usr/local/lib/python3.10/site-packages/fidesplus/main.py", line 7, in <module>
    from fides.api.main import app as fides
  File "<frozen importlib._bootstrap>", line 1027, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 688, in _load_unlocked
  File "/usr/local/lib/python3.10/site-packages/ddtrace/internal/module.py", line 220, in _exec_module
    self.loader.exec_module(module)
  File "/usr/local/lib/python3.10/site-packages/fides/api/main.py", line 21, in <module>
    from fides.api.app_setup import (
  File "<frozen importlib._bootstrap>", line 1027, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 688, in _load_unlocked
  File "/usr/local/lib/python3.10/site-packages/ddtrace/internal/module.py", line 220, in _exec_module
    self.loader.exec_module(module)
  File "/usr/local/lib/python3.10/site-packages/fides/api/app_setup.py", line 19, in <module>
    from fides.api.api.deps import get_api_session
  File "<frozen importlib._bootstrap>", line 1027, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 688, in _load_unlocked
  File "/usr/local/lib/python3.10/site-packages/ddtrace/internal/module.py", line 220, in _exec_module
    self.loader.exec_module(module)
  File "/usr/local/lib/python3.10/site-packages/fides/api/api/deps.py", line 7, in <module>
    from fides.api.db.session import get_db_engine, get_db_session
  File "<frozen importlib._bootstrap>", line 1027, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 688, in _load_unlocked
  File "/usr/local/lib/python3.10/site-packages/ddtrace/internal/module.py", line 220, in _exec_module
    self.loader.exec_module(module)
  File "/usr/local/lib/python3.10/site-packages/fides/api/db/session.py", line 10, in <module>
    from fides.config import FidesConfig
  File "<frozen importlib._bootstrap>", line 1027, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 688, in _load_unlocked
  File "/usr/local/lib/python3.10/site-packages/ddtrace/internal/module.py", line 220, in _exec_module
    self.loader.exec_module(module)
  File "/usr/local/lib/python3.10/site-packages/fides/config/__init__.py", line 252, in <module>
    CONFIG = get_config()
  File "/usr/local/lib/python3.10/site-packages/fides/config/__init__.py", line 202, in get_config
    config = build_config(config_dict=settings)
  File "/usr/local/lib/python3.10/site-packages/fides/config/__init__.py", line 163, in build_config
    settings_map[key] = value.parse_obj(config_dict.get(key, {}))
  File "pydantic/main.py", line 526, in pydantic.main.BaseModel.parse_obj
  File "pydantic/env_settings.py", line 39, in pydantic.env_settings.BaseSettings.__init__
  File "pydantic/main.py", line 341, in pydantic.main.BaseModel.__init__
pydantic.error_wrappers.ValidationError: 1 validation error for SecuritySettings
cors_origins -> 11
  invalid or missing URL scheme (type=value_error.url.scheme)

This is a fatal error that prevents a Fides webserver from launching completely.

The workaround is to explicitly specify URLs in the list of CORS origins.

Steps to Reproduce

  1. Pass * in the list of CORS origins as an environment variable (also probably in the toml would cause it)
  2. Try launching the server

Expected behavior

Because wildcards are valid in the CORS standards, passing a wildcard in the list of CORS origins should be treated as valid configuration.

Environment

  • Version: 2.21.0 and above

Additional context

In the above stack trace, you may ignore the datadog wrappers, e.g. ddtrace.

Relevant standards:
@RobertKeyser RobertKeyser added the bug Something isn't working label Oct 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@RobertKeyser