1.9 CLI does not support direct raw specification github.

Description

With the 1.8 cli the following works fine:

but the 1.9 CLI fails

Activity

TB
January 31, 2017, 7:04 PM

I'll make that change. Thanks and

Jan-Philip Gehrcke
January 31, 2017, 7:02 PM
Edited

It is insecure to send DC/OS auth token to anything but the admin router. cc Jan-Philip Gehrcke

That's correct, thanks for pointing this out here.

The dcos_url is user specified so it isn't necessarily pointing to a DC/OS cluster

I think an appropriate solution would be to take an approach similar to how browsers handle cookies. The auth token representation within the CLI should have a notion about the DC/OS base URL (i.e. scheme and network location) through which it was initially received. That token should never be sent along with an HTTP request that is targeted at a URL that does not start with that DC/OS base URL.
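The origin binding proposed in the comment above, as an added example that is not part of the thread and not the DC/OS CLI's own code. `BoundToken`, `origin`, the sample URLs and the `token=` header format are assumptions of this sketch. It compares the parsed scheme, host and port rather than using a string prefix test, because `https://dcos.example.com.evil.test/` also starts with `https://dcos.example.com`.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for url, with default ports made explicit."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()  # hostname excludes any userinfo
    if scheme not in DEFAULT_PORTS or not host:
        raise ValueError("not an absolute http(s) URL: %r" % (url,))
    # parts.port raises ValueError on a malformed port.
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return scheme, host, port


class BoundToken:
    """Auth token that remembers the DC/OS base URL it was received through."""

    def __init__(self, token, dcos_url):
        self._token = token
        self._origin = origin(dcos_url)

    def headers_for(self, request_url):
        """Return the auth header only for requests to the issuing origin."""
        try:
            same_origin = origin(request_url) == self._origin
        except ValueError:
            same_origin = False  # unparseable or relative URL: send nothing
        if not same_origin:
            return {}
        # Header format is an assumption of this example.
        return {"Authorization": "token=" + self._token}


if __name__ == "__main__":
    # Constructed sample values, not taken from the issue.
    tok = BoundToken("SAMPLE-TOKEN", "https://dcos.example.com")
    for url in ("https://dcos.example.com/service/marathon/v2/apps",
                "https://files.example.org/flink/app.json",
                "https://dcos.example.com.evil.test/",
                "https://dcos.example.com@evil.test/"):
        print(url, "->", "token sent" if tok.headers_for(url) else "no token")
```

If the HTTP client follows redirects, the same check has to run against each redirect target before the header is reused.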

TB
January 31, 2017, 6:25 PM

We could check that the hostname matches the dcos_url before adding the auth header. The dcos_url is user specified so it isn't necessarily pointing to a DC/OS cluster, so this is best effort, but still an improvement over what we have now.

José Armando García Sancio
January 31, 2017, 6:13 PM

It is insecure to send DC/OS auth token to anything but the admin router. cc

TB
January 31, 2017, 5:27 PM
Edited

This is a GitHub error; they should be dropping the header, and even if they don't, a 404 is not the correct status code.

Since this bug only happens for GitHub, I'd rather not hack around it. Also, using GitHub for storage isn't really recommended. Instead I'd run `dcos flink describe --app > file` and then `dcos marathon app add file`.

Assignee

TB

Labels

None

Components