Skip to content

Chore/various small fixes #110

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
andy-esch wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Chore/various small fixes #110

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
097cee3
feat: harden cors
andy-esch Jan 26, 2026
2d72385
chore: secret mounts only for owner read only
andy-esch Jan 26, 2026
446ff53
chore(web): color from library instead of magic constant
andy-esch Jan 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions firebase.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,17 @@
"**/.*",
"**/node_modules/**"
],
"headers": [
{
"source": "**",
"headers": [
{
"key": "Content-Security-Policy",
"value": "default-src 'self'; script-src 'self' https://apis.google.com; connect-src 'self' https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://identitytoolkit.googleapis.com; frame-src https://accounts.google.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:;"
}
]
}
],
"rewrites": [
{
"source": "**",
Expand Down
7 changes: 5 additions & 2 deletions packages/apigateway/internal/server/middleware.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,11 @@ func CORSMiddleware(corsHandler *cors.Handler) func(http.Handler) http.Handler {
return
}

// Set CORS headers for all requests
corsHandler.SetHeaders(w, r)
// Set CORS headers - reject if origin not allowed
if !corsHandler.SetHeaders(w, r) {
http.Error(w, "Origin not allowed", http.StatusForbidden)
return
}

// Continue to next handler
next.ServeHTTP(w, r)
Expand Down
3 changes: 2 additions & 1 deletion packages/web/src/components/dashboard/MultiSportComparisonChart.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import { Link } from "react-router-dom";
import { LineChart, Line, ResponsiveContainer, XAxis } from "recharts";
import { parseLocalDateStrict, formatDisplayDate } from "../../utils/dateUtils";
import { SLATE } from "../../constants/uiColors";
import TimeRangeSelector from "./TimeRangeSelector";
import RecentActivitiesList from "./RecentActivitiesList";
import { SparklineSkeleton, ActivityRowSkeleton } from "../Skeleton";
Expand Down Expand Up @@ -85,7 +86,7 @@ function SparklineRow({
dataKey="date"
axisLine={false}
tickLine={false}
tick={{ fontSize: 9, fill: "#999" }}
tick={{ fontSize: 9, fill: SLATE.LIGHT }}
tickFormatter={formatAxisDate}
interval="preserveStartEnd"
minTickGap={50}
Expand Down
20 changes: 10 additions & 10 deletions terraform/modules/desirelines/cloud_run.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,11 +86,11 @@ resource "google_cloud_run_v2_service" "dispatcher" {
name = lower(replace(volumes.key, "_", "-"))
secret {
secret = volumes.value
default_mode = 292 # 0444
default_mode = 256 # 0400 owner-read-only
items {
version = "latest"
path = "value"
mode = 292
mode = 256 # 0400
}
}
}
Expand Down Expand Up @@ -185,11 +185,11 @@ resource "google_cloud_run_v2_service" "api_gateway" {
name = "infisical-postgres-conn-apigateway"
secret {
secret = google_secret_manager_secret.postgres_conn_apigateway.secret_id
default_mode = 292 # 0444 in octal (read-only)
default_mode = 256 # 0400 owner-read-only
items {
version = "latest"
path = "value"
mode = 292 # 0444
mode = 256 # 0400
}
}
}
Expand Down Expand Up @@ -295,11 +295,11 @@ resource "google_cloud_run_v2_service" "bq_inserter" {
name = lower(replace(volumes.key, "_", "-"))
secret {
secret = volumes.value
default_mode = 292
default_mode = 256 # 0400 owner-read-only
items {
version = "latest"
path = "value"
mode = 292
mode = 256 # 0400
}
}
}
Expand Down Expand Up @@ -393,11 +393,11 @@ resource "google_cloud_run_v2_service" "postgres_writer" {
name = lower(replace(volumes.key, "_", "-"))
secret {
secret = volumes.value
default_mode = 292
default_mode = 256 # 0400 owner-read-only
items {
version = "latest"
path = "value"
mode = 292
mode = 256 # 0400
}
}
}
Expand All @@ -407,11 +407,11 @@ resource "google_cloud_run_v2_service" "postgres_writer" {
name = "infisical-postgres-conn-writer"
secret {
secret = google_secret_manager_secret.postgres_conn_writer.secret_id
default_mode = 292 # 0444 in octal (read-only)
default_mode = 256 # 0400 owner-read-only
items {
version = "latest"
path = "value"
mode = 292 # 0444
mode = 256 # 0400
}
}
}
Expand Down
Loading