Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: change 'Accounts_AvatarBlockUnauthenticatedAccess' default value from false to true #33035

Merged
merged 2 commits into from
Aug 16, 2024
Merged

chore: change 'Accounts_AvatarBlockUnauthenticatedAccess' default value from false to true #33035

merged 2 commits into from
Aug 16, 2024

Conversation

julio-cfa
Copy link
Member

@julio-cfa julio-cfa commented Aug 13, 2024
edited
Loading

Proposed changes (including videos or screenshots)

As part of a security by default approach, we should deny unauthenticated access to avatars by default. This PR changes the default value from false to true.

EDIT: in order to properly handle anonymous access, instead of returning 403 and Forbidden, this PR alters the logic to return an avatar with the user / room initials.

Issue(s)

N/A

Steps to test or reproduce

N/A

Further comments

N/A

@julio-cfa julio-cfa requested a review from a team as a code owner August 13, 2024 16:33
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Aug 13, 2024
edited
Loading

⚠️ No Changeset found

Latest commit: cd7d8a4

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@dionisio-bot dionisio-bot
Copy link
Contributor

dionisio-bot bot commented Aug 13, 2024
edited
Loading

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

ricardogarim
ricardogarim previously approved these changes Aug 13, 2024
View reviewed changes
@codecov Codecov
Copy link

codecov bot commented Aug 13, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 59.40%. Comparing base (17f3d5e) to head (cd7d8a4).
Report is 1 commits behind head on develop.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff            @@
##           develop   #33035   +/-   ##
========================================
  Coverage    59.39%   59.40%           
========================================
  Files         2541     2541           
  Lines        63178    63176    -2     
  Branches     14220    14220           
========================================
  Hits         37527    37527           
+ Misses       22936    22934    -2     
  Partials      2715     2715
Flag Coverage Δ
unit 76.02% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@julio-cfa julio-cfa added this to the 6.12 milestone Aug 13, 2024
@julio-cfa julio-cfa force-pushed the chore/change-default-value-for-avatar-view branch from 9036724 to cd7d8a4 Compare August 15, 2024 23:51
@julio-cfa julio-cfa added the stat: QA assured Means it has been tested and approved by a company insider label Aug 15, 2024
@dionisio-bot dionisio-bot bot added the stat: ready to merge PR tested and approved waiting for merge label Aug 15, 2024
@kodiakhq kodiakhq bot merged commit 9048692 into develop Aug 16, 2024
51 checks passed
@kodiakhq kodiakhq bot deleted the chore/change-default-value-for-avatar-view branch August 16, 2024 00:31
abhinavkrin pushed a commit that referenced this pull request Oct 25, 2024
@julio-cfa @abhinavkrin
chore: change 'Accounts_AvatarBlockUnauthenticatedAccess' default val…
abf07ac 
…ue from false to true (#33035)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ricardogarim ricardogarim ricardogarim approved these changes

@sampaiodiego sampaiodiego Awaiting requested review from sampaiodiego

@KevLehman KevLehman Awaiting requested review from KevLehman

@jessicaschelly jessicaschelly Awaiting requested review from jessicaschelly

Assignees
No one assigned
Labels
stat: QA assured Means it has been tested and approved by a company insider stat: ready to merge PR tested and approved waiting for merge
Projects
None yet
Milestone
6.12
Development

Successfully merging this pull request may close these issues.
2 participants
@julio-cfa @ricardogarim