本文整理汇总了Python中sentry.utils.http.is_valid_origin函数的典型用法代码示例。如果您正苦于以下问题:Python is_valid_origin函数的具体用法?Python is_valid_origin怎么用?Python is_valid_origin使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了is_valid_origin函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: is_valid_csp_report
def is_valid_csp_report(report, project=None):
    """Return True when a CSP report should be kept, False when it is noise.

    A report is dropped when its effective directive is not in
    ALLOWED_DIRECTIVES, when it carries neither a blocked URI nor a source
    file, or when either of those matches the ignore list. The ignore list is
    DISALLOWED_SOURCES (unless the project turned the defaults off) plus the
    project's own ``sentry:csp_ignored_sources`` option.
    """
    if report.get('effective_directive') not in ALLOWED_DIRECTIVES:
        return False

    blocked = report.get('blocked_uri')
    # Chrome 45 and 46 were seen reporting blocked-uri as the bare string
    # 'about'; nothing can be done with such a report.
    if blocked == 'about':
        return False

    source = report.get('source_file')
    # At least one of the two locations is needed to do anything sensible.
    if not (blocked or source):
        return False

    use_defaults = project is None or bool(
        project.get_option('sentry:csp_ignored_sources_defaults', True)
    )
    ignored = DISALLOWED_SOURCES if use_defaults else ()
    if project is not None:
        ignored += tuple(project.get_option('sentry:csp_ignored_sources', []))

    if not ignored:
        return True

    # is_valid_origin is used here as a matcher against the ignore list, so a
    # match means "filter this report". source_file is tested first.
    for location in (source, blocked):
        if location and is_valid_origin(location, allowed=ignored):
            return False
    return True
开发者ID:faulkner,项目名称:sentry,代码行数:35,代码来源:csp.py
示例2: _dispatch
def _dispatch(self, request, helper, project_id=None, origin=None, *args, **kwargs):
    """Resolve the project, apply the origin / secret-key checks, then dispatch.

    Raises APIError when the project cannot be identified (or two different
    projects are named) and APIForbidden when the origin or credentials are
    not acceptable. On success the validated origin is echoed back in
    ``Access-Control-Allow-Origin``.

    NOTE(review): the nesting below is reconstructed from a listing that lost
    its indentation; confirm against the upstream file before relying on it.
    """
    request.user = AnonymousUser()
    project = self._get_project_from_id(project_id)
    if project:
        helper.context.bind_project(project)
        Raven.tags_context(helper.context.get_tags_context())
    if origin is not None:
        # This check is specific for clients who need CORS support
        if not project:
            raise APIError("Client must be upgraded for CORS support")
        if not is_valid_origin(origin, project):
            raise APIForbidden("Invalid origin: %s" % (origin,))
    # XXX: It seems that the OPTIONS call does not always include custom headers
    if request.method == "OPTIONS":
        response = self.options(request, project)
    else:
        auth = self._parse_header(request, helper, project)
        project_ = helper.project_from_auth(auth)
        # Legacy API was /api/store/ and the project ID was only available elsewhere
        if not project:
            if not project_:
                raise APIError("Unable to identify project")
            project = project_
            helper.context.bind_project(project)
        elif project_ != project:
            # The project from the URL and the one behind the credentials must agree.
            raise APIError("Two different project were specified")
        helper.context.bind_auth(auth)
        Raven.tags_context(helper.context.get_tags_context())
        if auth.version != "2.0":
            if not auth.secret_key:
                # If we're missing a secret_key, check if we are allowed
                # to do a CORS request.
                # If we're missing an Origin/Referrer header entirely,
                # we only want to support this on GET requests. By allowing
                # un-authenticated CORS checks for POST, we basically
                # are obsoleting our need for a secret key entirely.
                # NOTE(review): on this path the origin check is the only gate.
                # Origin/Referer are client-supplied, so this constrains
                # browsers but does not authenticate other clients.
                if origin is None and request.method != "GET":
                    raise APIForbidden("Missing required attribute in authentication header: sentry_secret")
                if not is_valid_origin(origin, project):
                    raise APIForbidden("Missing required Origin or Referer header")
        response = super(APIView, self).dispatch(
            request=request, project=project, auth=auth, helper=helper, **kwargs
        )
    if origin:
        # Only reached with an origin that passed is_valid_origin above.
        response["Access-Control-Allow-Origin"] = origin
    return response
开发者ID:journeyqiao,项目名称:sentry,代码行数:58,代码来源:api.py
示例3: test_project_and_setting
def test_project_and_setting(self):
    """The SENTRY_ALLOW_ORIGIN value is accepted even though the project lists a different origin."""
    from sentry.models import Project, ProjectOption

    proj = Project.objects.get()
    ProjectOption.objects.create(
        project=proj,
        key='sentry:origins',
        value=['http://foo.example'],
    )
    with self.Settings(SENTRY_ALLOW_ORIGIN='http://example.com'):
        accepted = is_valid_origin('http://example.com', proj)
        self.assertTrue(accepted)
开发者ID:Crowdbooster,项目名称:sentry,代码行数:7,代码来源:tests.py
示例4: post
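def post(self, request, project, helper, **kwargs):
    """Accept a browser CSP report for ``project``.

    The report's ``document-uri`` is treated as the origin and must pass
    ``is_valid_origin`` for the project (see ``_dispatch``).

    Raises:
        APIError: the body carries no usable ``csp-report`` object.
        APIForbidden: ``document-uri`` is ``about:blank`` or not allowed.
    """
    data = helper.safely_load_json_string(request.body)

    # The body is untrusted. safely_load_json_string is not shown here; if it
    # can return valid JSON that is not an object (a list, a string, null),
    # indexing it raises TypeError rather than KeyError, so both are mapped
    # to the same client error instead of an unhandled exception.
    try:
        report = data['csp-report']
    except (KeyError, TypeError):
        raise APIError('Missing csp-report')
    # Everything below calls dict methods on the report.
    if not isinstance(report, dict):
        raise APIError('Missing csp-report')

    origin = report.get('document-uri')
    # about:blank cannot be matched against any allowed origin.
    if origin == 'about:blank':
        raise APIForbidden('Invalid document-uri')
    if not is_valid_origin(origin, project):
        if project:
            # Count the rejected report against the project's CORS counter.
            tsdb.incr(tsdb.models.project_total_received_cors,
                      project.id)
        raise APIForbidden('Invalid document-uri')

    # Attach collected metadata. This is not part of the CSP spec; it carries
    # Sentry-specific values alongside the report.
    report['_meta'] = {
        'release': request.GET.get('sentry_release'),
    }
    response_or_event_id = self.process(
        request, project=project, helper=helper, data=report, **kwargs
    )
    if isinstance(response_or_event_id, HttpResponse):
        return response_or_event_id
    return HttpResponse(status=201)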
开发者ID:NuttasitBoonwat,项目名称:sentry,代码行数:34,代码来源:api.py
示例5: dispatch
def dispatch(self, request, *args, **kwargs):
    """
    Identical to rest framework's dispatch except we add the ability
    to convert arguments (for common URL params).

    An Origin header sent with an authenticated request is also checked
    against the origins allowed for that credential; a mismatch gets a 400.

    NOTE(review): the nesting below is reconstructed from a listing that lost
    its indentation; confirm against the upstream file before relying on it.
    """
    self.args = args
    self.kwargs = kwargs
    request = self.initialize_request(request, *args, **kwargs)
    self.load_json_body(request)
    self.request = request
    self.headers = self.default_response_headers  # deprecate?
    if settings.SENTRY_API_RESPONSE_DELAY:
        # The setting is divided by 1000 before sleeping.
        time.sleep(settings.SENTRY_API_RESPONSE_DELAY / 1000.0)
    origin = request.META.get('HTTP_ORIGIN', 'null')
    # A "null" value should be treated as no Origin for us.
    # See RFC6454 for more information on this behavior.
    if origin == 'null':
        origin = None
    try:
        # The origin check runs only when both an Origin header and
        # request.auth are present; other requests skip it.
        if origin and request.auth:
            allowed_origins = request.auth.get_allowed_origins()
            if not is_valid_origin(origin, allowed=allowed_origins):
                # Returned before add_cors_headers, so the rejection carries
                # no CORS headers.
                response = Response('Invalid origin: %s' %
                                    (origin, ), status=400)
                self.response = self.finalize_response(
                    request, response, *args, **kwargs)
                return self.response
        self.initial(request, *args, **kwargs)
        # Get the appropriate handler method
        if request.method.lower() in self.http_method_names:
            handler = getattr(self, request.method.lower(),
                              self.http_method_not_allowed)
            (args, kwargs) = self.convert_args(request, *args, **kwargs)
            self.args = args
            self.kwargs = kwargs
        else:
            handler = self.http_method_not_allowed
        if getattr(request, 'access', None) is None:
            # setup default access
            request.access = access.from_request(request)
        response = handler(request, *args, **kwargs)
    except Exception as exc:
        # Any failure above is converted to a response by handle_exception.
        response = self.handle_exception(request, exc)
    if origin:
        self.add_cors_headers(request, response)
    self.response = self.finalize_response(
        request, response, *args, **kwargs)
    return self.response
开发者ID:Kayle009,项目名称:sentry,代码行数:60,代码来源:base.py
示例6: post
def post(self, request, project, helper, **kwargs):
    """Accept a browser security report and hand it to ``process``.

    The body must be a recognised report type that validates against its
    interface schema, and the origin taken from the report must pass
    ``is_valid_origin`` for the project.

    Raises:
        APIError: unknown report type or schema validation failure.
        APIForbidden: the report's origin is not allowed for the project.
    """
    payload = helper.safely_load_json_string(request.body)

    kind = self.security_report_type(payload)
    if kind is None:
        raise APIError('Unrecognized security report type')

    interface = get_interface(kind)
    try:
        instance = interface.from_raw(payload)
    except jsonschema.ValidationError as err:
        # Only the first line of the validator's message is returned.
        first_line = str(err).splitlines()[0]
        raise APIError('Invalid security report: %s' % first_line)

    # Origin check based on the report's own document URI, as explained in
    # `_dispatch`.
    origin = instance.get_origin()
    if not is_valid_origin(origin, project):
        if project:
            tsdb.incr(tsdb.models.project_total_received_cors, project.id)
        raise APIForbidden('Invalid origin')

    event_data = {
        'interface': interface.path,
        'report': instance,
        'release': request.GET.get('sentry_release'),
        'environment': request.GET.get('sentry_environment'),
    }
    outcome = self.process(
        request,
        project=project,
        helper=helper,
        data=event_data,
        **kwargs
    )
    # process() may short-circuit with a ready-made response.
    if isinstance(outcome, HttpResponse):
        return outcome
    return HttpResponse(content_type='application/javascript', status=201)
开发者ID:mjumbewu,项目名称:sentry,代码行数:32,代码来源:api.py
示例7: post
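def post(self, request, project, auth, helper, **kwargs):
    """Accept a browser CSP report for ``project``.

    The report's ``document-uri`` is treated as the origin and must pass
    ``is_valid_origin`` for the project (see ``_dispatch``).

    Raises:
        APIError: the body carries no usable ``csp-report`` object.
        APIForbidden: ``document-uri`` is ``about:blank`` or not allowed.
    """
    data = helper.safely_load_json_string(request.body)

    # The body is untrusted. safely_load_json_string is not shown here; if it
    # can return valid JSON that is not an object, indexing it raises
    # TypeError rather than KeyError, so both become the same client error.
    try:
        report = data['csp-report']
    except (KeyError, TypeError):
        raise APIError('Missing csp-report')
    # report.get() below needs a mapping.
    if not isinstance(report, dict):
        raise APIError('Missing csp-report')

    origin = report.get('document-uri')
    # about:blank cannot be matched against any allowed origin.
    if origin == 'about:blank':
        raise APIForbidden('Invalid document-uri')
    if not is_valid_origin(origin, project):
        raise APIForbidden('Invalid document-uri')

    response_or_event_id = self.process(
        request,
        project=project,
        auth=auth,
        helper=helper,
        data=report,
        **kwargs
    )
    if isinstance(response_or_event_id, HttpResponse):
        return response_or_event_id
    return HttpResponse(status=201)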
开发者ID:haojiang1,项目名称:sentry,代码行数:30,代码来源:api.py
示例8: dispatch
def dispatch(self, request):
    """Serve or accept the embedded user-report form for one event.

    Status codes on the early exits: 400 without ``eventId``, 404 without a
    project key, 403 without an origin or with one the project does not
    allow. A valid POST stores the report and returns 200; an invalid POST
    returns the form errors with 400; anything else returns the JavaScript
    that renders the form.
    """
    try:
        event_id = request.GET['eventId']
    except KeyError:
        return self._json_response(request, status=400)

    project_key = self._get_project_key(request)
    if not project_key:
        return self._json_response(request, status=404)

    origin = self._get_origin(request)
    if not origin:
        return self._json_response(request, status=403)
    if not is_valid_origin(origin, project_key.project):
        return HttpResponse(status=403)

    if request.method == 'OPTIONS':
        return self._json_response(request)

    # TODO(dcramer): since we cant use a csrf cookie we should at the very
    # least sign the request / add some kind of nonce
    prefill = {
        'name': request.GET.get('name'),
        'email': request.GET.get('email'),
    }
    posted = request.POST if request.method == 'POST' else None
    form = UserReportForm(posted, initial=prefill)

    if form.is_valid():
        report = form.save(commit=False)
        report.project = project_key.project
        report.event_id = event_id
        try:
            report.group = Group.objects.get(
                eventmapping__event_id=report.event_id,
                eventmapping__project=project_key.project,
            )
        except Group.DoesNotExist:
            # XXX(dcramer): the system should fill this in later
            pass
        report.save()
        return HttpResponse(status=200)

    if request.method == 'POST':
        error_body = {
            "errors": dict(form.errors),
        }
        return self._json_response(request, error_body, status=400)

    form_html = render_to_string('sentry/error-page-embed.html', {
        'form': form,
    })
    # Both values are JSON-encoded and then marked safe, which bypasses
    # template autoescaping. json.dumps does not escape '<' or '/', so this
    # relies on the output being served as text/javascript (as it is below)
    # and never inlined into an HTML page.
    js_context = {
        'endpoint': mark_safe(json.dumps(request.get_full_path())),
        'template': mark_safe(json.dumps(form_html)),
    }
    return render_to_response('sentry/error-page-embed.js', js_context, request,
                              content_type='text/javascript')
开发者ID:AyrtonRicardo,项目名称:sentry,代码行数:59,代码来源:error_page_embed.py
示例9: _dispatch
def _dispatch(self, request, helper, project_id=None, origin=None, *args, **kwargs):
    """Resolve the project and key, check the origin, then dispatch.

    Raises APIError when CORS is requested without a project or when the URL
    and the credentials name different projects, and APIForbidden when the
    origin is not allowed for the project.

    NOTE(review): the nesting below is reconstructed from a listing that lost
    its indentation; confirm against the upstream file before relying on it.
    """
    request.user = AnonymousUser()
    project = self._get_project_from_id(project_id)
    if project:
        helper.context.bind_project(project)
        Raven.tags_context(helper.context.get_tags_context())
    if origin is not None:
        # This check is specific for clients who need CORS support
        if not project:
            raise APIError('Client must be upgraded for CORS support')
        if not is_valid_origin(origin, project):
            # Count the rejection before refusing the request.
            tsdb.incr(tsdb.models.project_total_received_cors,
                      project.id)
            raise APIForbidden('Invalid origin: %s' % (origin, ))
    # XXX: It seems that the OPTIONS call does not always include custom headers
    if request.method == 'OPTIONS':
        response = self.options(request, project)
    else:
        auth = self._parse_header(request, helper, project)
        key = helper.project_key_from_auth(auth)
        # Legacy API was /api/store/ and the project ID was only available elsewhere
        if not project:
            project = Project.objects.get_from_cache(id=key.project_id)
            helper.context.bind_project(project)
        elif key.project_id != project.id:
            # The key must belong to the project named in the URL.
            raise APIError('Two different projects were specified')
        helper.context.bind_auth(auth)
        Raven.tags_context(helper.context.get_tags_context())
        # Explicitly bind Organization so we don't implicitly query it later
        # this just allows us to comfortably assure that `project.organization` is safe.
        # This also allows us to pull the object from cache, instead of being
        # implicitly fetched from database.
        project.organization = Organization.objects.get_from_cache(
            id=project.organization_id)
        response = super(APIView, self).dispatch(
            request=request, project=project, auth=auth, helper=helper, key=key, **kwargs
        )
    if origin:
        if origin == 'null':
            # If an Origin is `null`, but we got this far, that means
            # we've gotten past our CORS check for some reason. But the
            # problem is that we can't return "null" as a valid response
            # to `Access-Control-Allow-Origin` and we don't have another
            # value to work with, so just allow '*' since they've gotten
            # this far.
            # NOTE(review): '*' is broader than the single origin that was
            # checked; this is reachable only if is_valid_origin accepted
            # 'null' for the project. Confirm that is intended.
            response['Access-Control-Allow-Origin'] = '*'
        else:
            response['Access-Control-Allow-Origin'] = origin
    return response
开发者ID:mjumbewu,项目名称:sentry,代码行数:59,代码来源:api.py
示例10: fetch_url
def fetch_url(url, project=None):
    """
    Pull down a URL, returning a UrlResult object.
    Attempts to fetch from the cache.

    Returns BAD_SOURCE instead when the fetch or read fails, or when the
    URL's domain is currently marked as failing.

    NOTE(review): the nesting below is reconstructed from a listing that lost
    its indentation; confirm against the upstream file before relying on it.
    """
    # MD5 is used here only to derive a cache key from the URL.
    cache_key = 'source:%s' % (
        hashlib.md5(url.encode('utf-8')).hexdigest(),)
    result = cache.get(cache_key)
    if result is None:
        # lock down domains that are problematic
        domain = urlparse(url).netloc
        domain_key = 'source:%s' % (hashlib.md5(domain.encode('utf-8')).hexdigest(),)
        domain_result = cache.get(domain_key)
        if domain_result:
            return BAD_SOURCE
        headers = []
        # The project token is attached only when the URL itself passes the
        # project's origin check, so it is not sent to arbitrary hosts.
        if project and is_valid_origin(url, project=project):
            token = project.get_option('sentry:token')
            if token:
                headers.append(('X-Sentry-Token', token))
        try:
            # NOTE(review): redirects are followed; confirm safe_urlopen does
            # not forward the token header to a different host on redirect.
            request = safe_urlopen(
                url,
                allow_redirects=True,
                headers=headers,
                timeout=settings.SENTRY_SOURCE_FETCH_TIMEOUT,
            )
        except HTTPError:
            result = BAD_SOURCE
        except Exception:
            # it's likely we've failed due to a timeout, dns, etc so let's
            # ensure we can't cascade the failure by pinning this for 5 minutes
            cache.set(domain_key, 1, 300)
            logger.warning('Disabling sources to %s for %ss', domain, 300,
                           exc_info=True)
            return BAD_SOURCE
        else:
            try:
                body = safe_urlread(request)
            except Exception:
                result = BAD_SOURCE
            else:
                result = (dict(request.headers), body)
        # Both good results and BAD_SOURCE are cached for 60 seconds.
        cache.set(cache_key, result, 60)
    if result == BAD_SOURCE:
        return result
    return UrlResult(url, *result)
开发者ID:uber,项目名称:sentry,代码行数:54,代码来源:fetch_source.py
示例11: add_cors_headers
def add_cors_headers(self, request, response):
    """Set CORS response headers when the request's Origin is allowed.

    Nothing is added for unauthenticated requests, for requests without an
    Origin header, or when the origin is not among those allowed for the
    credential. The allowed origin is echoed back verbatim rather than
    answered with a wildcard.
    """
    if request.auth:
        origin = request.META.get('HTTP_ORIGIN')
        if origin and is_valid_origin(origin, allowed=request.auth.get_allowed_origins()):
            response['Access-Control-Allow-Origin'] = origin
            response['Access-Control-Allow-Methods'] = ', '.join(self.http_method_names)
开发者ID:carriercomm,项目名称:sentry-1,代码行数:14,代码来源:base.py
示例12: dispatch
def dispatch(self, request, *args, **kwargs):
    """
    Identical to rest framework's dispatch except we add the ability
    to convert arguments (for common URL params).

    An Origin header sent with an authenticated request is also checked
    against the origins allowed for that credential; a mismatch gets a 400.

    NOTE(review): the nesting below is reconstructed from a listing that lost
    its indentation; confirm against the upstream file before relying on it.
    """
    self.args = args
    self.kwargs = kwargs
    request = self.initialize_request(request, *args, **kwargs)
    self.request = request
    self.headers = self.default_response_headers  # deprecate?
    # Metric name is "<ViewClass>.<http method>".
    metric_name = '{}.{}'.format(type(self).__name__, request.method.lower())
    if settings.SENTRY_API_RESPONSE_DELAY:
        # The setting is divided by 1000 before sleeping.
        time.sleep(settings.SENTRY_API_RESPONSE_DELAY / 1000.0)
    origin = request.META.get('HTTP_ORIGIN')
    # The origin check runs only when both an Origin header and request.auth
    # are present; other requests skip it.
    if origin and request.auth:
        allowed_origins = request.auth.get_allowed_origins()
        if not is_valid_origin(origin, allowed=allowed_origins):
            # Returned before add_cors_headers, so the rejection carries no
            # CORS headers.
            response = Response('Invalid origin: %s' % (origin,), status=400)
            self.response = self.finalize_response(request, response, *args, **kwargs)
            return self.response
    try:
        self.initial(request, *args, **kwargs)
        # Get the appropriate handler method
        if request.method.lower() in self.http_method_names:
            handler = getattr(self, request.method.lower(),
                              self.http_method_not_allowed)
            (args, kwargs) = self.convert_args(request, *args, **kwargs)
            self.args = args
            self.kwargs = kwargs
        else:
            handler = self.http_method_not_allowed
        # The handler call is wrapped in SqlQueryCountMonitor under metric_name.
        with SqlQueryCountMonitor(metric_name):
            response = handler(request, *args, **kwargs)
    except Exception as exc:
        # Any failure above is converted to a response by handle_exception.
        response = self.handle_exception(request, exc)
    if origin:
        self.add_cors_headers(request, response)
    self.response = self.finalize_response(request, response, *args, **kwargs)
    return self.response
开发者ID:Andy-hpliu,项目名称:sentry,代码行数:50,代码来源:base.py
示例13: should_filter
def should_filter(self, project=None):
    """Return True when this report points at an ignored source.

    The ignore list is DEFAULT_DISALLOWED_SOURCES (unless the project turned
    the defaults off) plus the project's ``sentry:csp_ignored_sources``
    option. ``blocked_uri`` and ``source_file`` are each tested against it,
    when the instance has those attributes.
    """
    candidates = [
        getattr(self, attr)
        for attr in ('blocked_uri', 'source_file')
        if hasattr(self, attr)
    ]

    ignored = ()
    use_defaults = project is None or bool(
        project.get_option('sentry:csp_ignored_sources_defaults', True)
    )
    if use_defaults:
        ignored += DEFAULT_DISALLOWED_SOURCES
    if project is not None:
        ignored += tuple(project.get_option('sentry:csp_ignored_sources', []))

    if not ignored:
        return False
    # is_valid_origin acts as the matcher here: a hit on the ignore list
    # means the report is filtered.
    return any(is_valid_origin(uri, allowed=ignored) for uri in candidates)
开发者ID:binlee1990,项目名称:sentry,代码行数:14,代码来源:security.py
示例14: post
def post(self, request, project, helper, key, **kwargs):
    """Accept a browser security report, recording an outcome on rejection.

    Raises:
        APIError: unknown report type or schema validation failure.
        APIForbidden: the report's origin is not allowed for the project.
    """
    def record_invalid(reason):
        # Every rejection path reports Outcome.INVALID with its own reason.
        track_outcome(
            project.organization_id,
            project.id,
            key.id,
            Outcome.INVALID,
            reason)

    payload = safely_load_json_string(request.body)

    kind = self.security_report_type(payload)
    if kind is None:
        record_invalid("security_report_type")
        raise APIError('Unrecognized security report type')

    interface = get_interface(kind)
    try:
        instance = interface.from_raw(payload)
    except jsonschema.ValidationError as err:
        record_invalid("security_report")
        # Only the first line of the validator's message is returned.
        raise APIError('Invalid security report: %s' % str(err).splitlines()[0])

    # Origin check based on the report's own document URI, as explained in
    # `_dispatch`.
    origin = instance.get_origin()
    if not is_valid_origin(origin, project):
        if project:
            record_invalid(FilterStatKeys.CORS)
        raise APIForbidden('Invalid origin')

    event_data = {
        'interface': interface.path,
        'report': instance,
        'release': request.GET.get('sentry_release'),
        'environment': request.GET.get('sentry_environment'),
    }
    self.process(
        request,
        project=project,
        helper=helper,
        data=event_data,
        key=key,
        **kwargs
    )
    return HttpResponse(content_type='application/javascript', status=201)
开发者ID:yaoqi,项目名称:sentry,代码行数:45,代码来源:api.py
示例15: post
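def post(self, request, project, auth, helper, **kwargs):
    """Accept a browser CSP report for ``project``.

    The report's ``document-uri`` is treated as the origin and must pass
    ``is_valid_origin`` for the project (see ``_dispatch``). Reports that
    ``is_valid_csp_report`` rejects are counted as received and blacklisted
    before being refused.

    Raises:
        APIError: the body carries no usable ``csp-report`` object.
        APIForbidden: bad ``document-uri`` or a filtered report.
    """
    data = helper.safely_load_json_string(request.body)

    # The body is untrusted. safely_load_json_string is not shown here; if it
    # can return valid JSON that is not an object, indexing it raises
    # TypeError rather than KeyError, so both become the same client error.
    try:
        report = data['csp-report']
    except (KeyError, TypeError):
        raise APIError('Missing csp-report')
    # report.get() here and in is_valid_csp_report needs a mapping.
    if not isinstance(report, dict):
        raise APIError('Missing csp-report')

    origin = report.get('document-uri')
    # about:blank cannot be matched against any allowed origin.
    if origin == 'about:blank':
        raise APIForbidden('Invalid document-uri')
    if not is_valid_origin(origin, project):
        raise APIForbidden('Invalid document-uri')

    # An invalid CSP report must go against quota
    if not is_valid_csp_report(report, project):
        app.tsdb.incr_multi([
            (app.tsdb.models.project_total_received, project.id),
            (app.tsdb.models.project_total_blacklisted, project.id),
            (app.tsdb.models.organization_total_received, project.organization_id),
            (app.tsdb.models.organization_total_blacklisted, project.organization_id),
        ])
        metrics.incr('events.blacklisted')
        raise APIForbidden('Rejected CSP report')

    response_or_event_id = self.process(
        request,
        project=project,
        auth=auth,
        helper=helper,
        data=report,
        **kwargs
    )
    if isinstance(response_or_event_id, HttpResponse):
        return response_or_event_id
    return HttpResponse(status=201)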
开发者ID:Andy-hpliu,项目名称:sentry,代码行数:41,代码来源:api.py
示例16: wrapped
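def wrapped(request, project_id=None, *args, **kwargs):
    """Resolve the project, validate the Origin header, then call the view.

    ``project_id`` may be a numeric id or a slug. An unknown project or an
    origin that fails ``is_valid_origin`` yields a 400. Otherwise the wrapped
    view's response is returned with access-control headers applied.
    """
    if project_id:
        if project_id.isdigit():
            lookup_kwargs = {"id": int(project_id)}
        else:
            lookup_kwargs = {"slug": project_id}
        try:
            project = Project.objects.get_from_cache(**lookup_kwargs)
        except Project.DoesNotExist:
            # The message repeats request-supplied text. HttpResponse defaults
            # to text/html, so the body is sent as plain text to keep a
            # browser from interpreting it as markup.
            return HttpResponse(
                "Invalid project_id: %r" % project_id,
                status=400,
                content_type="text/plain",
            )
    else:
        project = None

    origin = request.META.get("HTTP_ORIGIN", None)
    if origin is not None and not is_valid_origin(origin, project):
        # Same reasoning as above: the Origin header value is echoed back.
        return HttpResponse(
            "Invalid origin: %r" % origin,
            status=400,
            content_type="text/plain",
        )

    response = func(request, project, *args, **kwargs)
    response = apply_access_control_headers(response, origin)
    return response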
开发者ID:nkabir,项目名称:sentry,代码行数:21,代码来源:api.py
示例17: post
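def post(self, request, project, auth, helper, **kwargs):
    """Accept a browser CSP report for ``project``.

    The report's ``document-uri`` is treated as the origin and must pass
    ``is_valid_origin`` for the project (see ``_dispatch``). Reports that
    ``is_valid_csp_report`` rejects are counted as received and blacklisted
    before being refused.

    Raises:
        APIError: the body carries no usable ``csp-report`` object.
        APIForbidden: bad ``document-uri`` or a filtered report.
    """
    data = helper.safely_load_json_string(request.body)

    # The body is untrusted. safely_load_json_string is not shown here; if it
    # can return valid JSON that is not an object, indexing it raises
    # TypeError rather than KeyError, so both become the same client error.
    try:
        report = data["csp-report"]
    except (KeyError, TypeError):
        raise APIError("Missing csp-report")
    # report.get() and the "_meta" assignment below need a mapping.
    if not isinstance(report, dict):
        raise APIError("Missing csp-report")

    origin = report.get("document-uri")
    # about:blank cannot be matched against any allowed origin.
    if origin == "about:blank":
        raise APIForbidden("Invalid document-uri")
    if not is_valid_origin(origin, project):
        raise APIForbidden("Invalid document-uri")

    # An invalid CSP report must go against quota
    if not is_valid_csp_report(report, project):
        app.tsdb.incr_multi(
            [
                (app.tsdb.models.project_total_received, project.id),
                (app.tsdb.models.project_total_blacklisted, project.id),
                (app.tsdb.models.organization_total_received, project.organization_id),
                (app.tsdb.models.organization_total_blacklisted, project.organization_id),
            ]
        )
        metrics.incr("events.blacklisted")
        raise APIForbidden("Rejected CSP report")

    # Attach collected metadata. This is not part of the CSP spec; it carries
    # Sentry-specific values alongside the report.
    report["_meta"] = {"release": request.GET.get("sentry_release")}

    response_or_event_id = self.process(
        request, project=project, auth=auth, helper=helper, data=report, **kwargs
    )
    if isinstance(response_or_event_id, HttpResponse):
        return response_or_event_id
    return HttpResponse(status=201)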
开发者ID:mitsuhiko,项目名称:sentry,代码行数:40,代码来源:api.py
示例18: fetch_file
def fetch_file(url, project=None, release=None, allow_scraping=True):
"""
Pull down a URL, returning a UrlResult object.
Attempts to fetch from the cache.
"""
if release:
result = fetch_release_file(url, release)
elif not allow_scraping or not url.startswith(('http:', 'https:')):
error = {
'type': EventError.JS_MISSING_SOURCE,
'url': url,
}
raise CannotFetchSource(error)
else:
result = None
cache_key = 'source:cache:v2:%s' % (
md5(url).hexdigest(),
)
if result is None:
logger.debug('Checking cache for url %r', url)
result = cache.get(cache_key)
if result is None:
# lock down domains that are problematic
domain = urlparse(url).netloc
domain_key = 'source:blacklist:v2:%s' % (
md5(domain).hexdigest(),
)
domain_result = cache.get(domain_key)
if domain_result:
domain_result['url'] = url
raise CannotFetchSource(domain_result)
headers = {}
if project and is_valid_origin(url, project=project):
token = project.get_option('sentry:token')
if token:
headers['X-Sentry-Token'] = token
logger.debug('Fetching %r from the internet', url)
http_session = http.build_session()
try:
response = http_session.get(
url,
allow_redirects=True,
verify=False,
headers=headers,
timeout=settings.SENTRY_SOURCE_FETCH_TIMEOUT,
)
except Exception as exc:
logger.debug('Unable to fetch %r', url, exc_info=True)
if isinstance(exc, SuspiciousOperation):
error = {
'type': EventError.SECURITY_VIOLATION,
'value': unicode(exc),
'url': url,
}
elif isinstance(exc, (RequestException, ZeroReturnError)):
error = {
'type': EventError.JS_GENERIC_FETCH_ERROR,
'value': str(type(exc)),
'url': url,
}
else:
logger.exception(unicode(exc))
error = {
'type': EventError.UNKNOWN_ERROR,
'url': url,
}
# TODO(dcramer): we want to be less aggressive on disabling domains
cache.set(domain_key, error or '', 300)
logger.warning('Disabling sources to %s for %ss', domain, 300,
exc_info=True)
raise CannotFetchSource(error)
# requests' attempts to use chardet internally when no encoding is found
# and we want to avoid that slow behavior
if not response.encoding:
response.encoding = 'utf-8'
result = (
{k.lower(): v for k, v in response.headers.items()},
response.text,
response.status_code,
)
cache.set(cache_key, result, 60)
if result[2] != 200:
logger.debug('HTTP %s when fetching %r', result[2], url,
exc_info=True)
error = {
'type': EventError.JS_INVALID_HTTP_CODE,
'value': result[2],
'url': url,
}
#.........这里部分代码省略.........
开发者ID:haojiang1,项目名称:sentry,代码行数:101,代码来源:processor.py
示例19: _dispatch
def _dispatch(self, request, helper, project_id=None, origin=None,
              *args, **kwargs):
    """Resolve the project, apply the origin / secret-key checks, then dispatch.

    Raises APIError when the project cannot be identified (or two different
    projects are named) and APIForbidden when the origin or credentials are
    not acceptable. On success the validated origin is echoed back in
    ``Access-Control-Allow-Origin``.

    NOTE(review): the nesting below is reconstructed from a listing that lost
    its indentation; confirm against the upstream file before relying on it.
    """
    request.user = AnonymousUser()
    project = self._get_project_from_id(project_id)
    if project:
        helper.context.bind_project(project)
        Raven.tags_context(helper.context.get_tags_context())
    if origin is not None:
        # This check is specific for clients who need CORS support
        if not project:
            raise APIError('Client must be upgraded for CORS support')
        if not is_valid_origin(origin, project):
            raise APIForbidden('Invalid origin: %s' % (origin,))
    # XXX: It seems that the OPTIONS call does not always include custom headers
    if request.method == 'OPTIONS':
        response = self.options(request, project)
    else:
        auth = self._parse_header(request, helper, project)
        project_ = helper.project_from_auth(auth)
        # Legacy API was /api/store/ and the project ID was only available elsewhere
        if not project:
            if not project_:
                raise APIError('Unable to identify project')
            project = project_
        elif project_ != project:
            # The project from the URL and the one behind the credentials must agree.
            raise APIError('Two different project were specified')
        helper.context.bind_auth(auth)
        Raven.tags_context(helper.context.get_tags_context())
        if auth.version != '2.0':
            if request.method == 'GET':
                # GET only requires an Origin/Referer check
                # If an Origin isn't passed, it's possible that the project allows no origin,
                # so we need to explicitly check for that here. If Origin is not None,
                # it can be safely assumed that it was checked previously and it's ok.
                # NOTE(review): GET requests carry no secret-key requirement
                # here. Origin/Referer are client-supplied, so this constrains
                # browsers but does not authenticate other clients.
                if origin is None and not is_valid_origin(origin, project):
                    # Special case an error message for a None origin when None wasn't allowed
                    raise APIForbidden('Missing required Origin or Referer header')
            else:
                # Version 3 enforces secret key for server side requests
                if not auth.secret_key:
                    raise APIForbidden('Missing required attribute in authentication header: sentry_secret')
        response = super(APIView, self).dispatch(
            request=request,
            project=project,
            auth=auth,
            helper=helper,
            **kwargs
        )
    if origin:
        # Only reached with an origin that passed is_valid_origin above.
        response['Access-Control-Allow-Origin'] = origin
    return response
开发者ID:hyserver,项目名称:sentry,代码行数:61,代码来源:api.py
示例20: fetch_file
def fetch_file(url, project=None, release=None, allow_scraping=True):
"""
Pull down a URL, returning a UrlResult object.
Attempts to fetch from the cache.
"""
# If our url has been truncated, it'd be impossible to fetch
# so we check for this early and bail
if url[-3:] == '...':
raise CannotFetchSource({
'type': EventError.JS_MISSING_SOURCE,
'url': expose_url(url),
})
if release:
with metrics.timer('sourcemaps.release_file'):
result = fetch_release_file(url, release)
else:
result = None
cache_key = 'source:cache:v3:%s' % (
md5_text(url).hexdigest(),
)
if result is None:
if not allow_scraping or not url.startswith(('http:', 'https:')):
error = {
'type': EventError.JS_MISSING_SOURCE,
'url': expose_url(url),
}
raise CannotFetchSource(error)
logger.debug('Checking cache for url %r', url)
result = cache.get(cache_key)
if result is not None:
# Previous caches would be a 3-tuple instead of a 4-tuple,
# so this is being maintained for backwards compatibility
try:
encoding = result[3]
except IndexError:
encoding = None
# We got a cache hit, but the body is compressed, so we
# need to decompress it before handing it off
result = (result[0], zlib.decompress(result[1]), result[2], encoding)
if result is None:
# lock down domains that are problematic
domain = urlparse(url).netloc
domain_key = 'source:blacklist:v2:%s' % (
md5_text(domain).hexdigest(),
)
domain_result = cache.get(domain_key)
if domain_result:
domain_result['url'] = url
raise CannotFetchSource(domain_result)
headers = {}
if project and is_valid_origin(url, project=project):
token = project.get_option('sentry:token')
if token:
token_header = project.get_option(
'sentry:token_header',
'X-Sentry-Token',
)
headers[token_header] = token
logger.debug('Fetching %r from the internet', url)
with metrics.timer('sourcemaps.fetch'):
http_session = http.build_session()
response = None
try:
try:
start = time.time()
response = http_session.get(
url,
allow_redirects=True,
verify=False,
headers=headers,
timeout=settings.SENTRY_SOURCE_FETCH_SOCKET_TIMEOUT,
stream=True,
)
try:
cl = int(response.headers['content-length'])
except (LookupError, ValueError):
cl = 0
if cl > settings.SENTRY_SOURCE_FETCH_MAX_SIZE:
raise OverflowError()
contents = []
cl = 0
# Only need to even attempt to read the response body if we
# got a 200 OK
if response.status_code == 200:
for chunk in response.iter_content(16 * 1024):
if time.time() - start > settings.SENTRY_SOURCE_FETCH_TIMEOUT:
raise Timeout()
contents.append(chunk)
cl += len(chunk)
#.........这里部分代码省略.........
开发者ID:rlugojr,项目名称:sentry,代码行数:101,代码来源:processor.py
注:本文中的sentry.utils.http.is_valid_origin函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |