From c307f6baa25e00dce08177eb767e3a15502c8efa Mon Sep 17 00:00:00 2001 From: Bastien Girschig Date: Fri, 17 Dec 2021 11:13:36 +0100 Subject: [PATCH 1/2] Update environ.py My cron job is currently failing because of @securescaffold.cron_only: Cloud Scheduler only sends the following headers (at least in my case): X-Appengine-Default-Version-Hostname, X-Appengine-Request-Log-Id, X-Google-Internal-Skipadmincheck, X-Appengine-Api-Ticket, X-Appengine-User-Ip, X-Appengine-Https, X-Appengine-Timeout-Ms, Traceparent, X-Cloud-Trace-Context, X-Appengine-Country, X-Cloudscheduler-Jobname, *X-Cloudscheduler*, User-Agent, Forwarded, X-Forwarded-Proto, X-Forwarded-For, Host I suggest we also allow requests with the "X-Cloudscheduler" header --- src/securescaffold/environ.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/securescaffold/environ.py b/src/securescaffold/environ.py index 396aa8e..2ff4c2b 100644 --- a/src/securescaffold/environ.py +++ b/src/securescaffold/environ.py @@ -18,6 +18,7 @@ X_APPENGINE_QUEUENAME = "X-Appengine-Queuename" +X_APPENGINE_SCHEDULER = "X-Cloudscheduler" X_APPENGINE_USER_IS_ADMIN = "X-Appengine-User-Is-Admin" @@ -66,13 +67,14 @@ def is_tasks_request(request) -> bool: This also works for requests from the Cron scheduler. """ - value = request.headers.get(X_APPENGINE_QUEUENAME) - - return bool(value) + is_cron_scheduler_request = request.headers.get(X_APPENGINE_QUEUENAME) + is_task_scheduler_request = request.headers.get(X_APPENGINE_SCHEDULER) == "true" + + return bool(is_cron_scheduler_request) or is_task_scheduler_request def is_tasks_or_admin_request(request) -> bool: - """True if the request is from the Tasks scheduler (or an admin).""" + """True if https://blog.hubspot.com/marketing/shrug-emojithe request is from the Tasks scheduler (or an admin).""" return is_tasks_request(request) or is_admin_request(request) From 80cd8efe59e20958269207a45e8cfe83a6f9ebc3 Mon Sep 17 00:00:00 2001 From: Bastien Girschig Date: Fri, 17 Dec 2021 11:22:36 +0100 Subject: [PATCH 2/2] fix typo --- src/securescaffold/environ.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/securescaffold/environ.py b/src/securescaffold/environ.py index 2ff4c2b..1c0027e 100644 --- a/src/securescaffold/environ.py +++ b/src/securescaffold/environ.py @@ -74,7 +74,7 @@ def is_tasks_request(request) -> bool: def is_tasks_or_admin_request(request) -> bool: - """True if https://blog.hubspot.com/marketing/shrug-emojithe request is from the Tasks scheduler (or an admin).""" + """True if the request is from the Tasks scheduler (or an admin).""" return is_tasks_request(request) or is_admin_request(request)