Shields: ValidationError: needs to be an origin string, e.g. https://host.domain with optional port and no trailing slash

Created on 18 Aug 2020  路  6Comments  路  Source: badges/shields

Are you experiencing an issue with...

  • [ ] [shields.io](https://shields.io/#/)
  • [x] My own instance in Docker
  • [ ] [badge-maker NPM package](https://www.npmjs.com/package/badge-maker)

:beetle: Description

I have the env var BITBUCKET_SERVER_ORIGINS=https://domain.com/bitbucket
This is our internal proxy server. And there is no way I can access this without /bitbucket.
Is there a way to solve this problem?

question self-hosting
Source
picture axi92

Most helpful comment

IIRC the origin env var is only used to validate the security check on the token, not for the request.

That's correct. This is basically just defining which domains you'll allow your self-hosted Shields server to issue authenticated requests to in order to avoid any exfil of your configure creds.

You'll probably want to have something like this in your config:
BITBUCKET_SERVER_ORIGINS=https://my-private-bitbucket-server-domain.com

Then for your actual badges, you can specify the full url to your instance:
https://your-self-hosted-shields-server-url/bitbucket/pr/foo/bar?server=https://my-private-bitbucket-server-domain.com/bitbucket

picture calebcartwright on 18 Aug 2020
👍2

All 6 comments

Hi! Have you tried setting the env var to just the origin part? IIRC the origin env var is only used to validate the security check on the token, not for the request.

paulmelnikow picture paulmelnikow on 18 Aug 2020

IIRC the origin env var is only used to validate the security check on the token, not for the request.

That's correct. This is basically just defining which domains you'll allow your self-hosted Shields server to issue authenticated requests to in order to avoid any exfil of your configure creds.

You'll probably want to have something like this in your config:
BITBUCKET_SERVER_ORIGINS=https://my-private-bitbucket-server-domain.com

Then for your actual badges, you can specify the full url to your instance:
https://your-self-hosted-shields-server-url/bitbucket/pr/foo/bar?server=https://my-private-bitbucket-server-domain.com/bitbucket

calebcartwright picture calebcartwright on 18 Aug 2020
👍2

This would be a great addition to the docs.

@axi92 any chance you'd be up for improving that in a PR?

paulmelnikow picture paulmelnikow on 18 Aug 2020

https://github.com/badges/shields/blob/master/doc/server-secrets.md#authorized-origins

calebcartwright picture calebcartwright on 18 Aug 2020

Ah ok I understand. That is the server that is on the whitelist for sending credentials to.
What is missing in the docs? @paulmelnikow
As far as I see if I would have read the docs I could understand how it is meant to be xD

axi92 picture axi92 on 20 Aug 2020

I guess I thought you had looked at the docs and that it wasn鈥檛 clear you could still use a deep link under that domain. Maybe they are good enough as they are!

paulmelnikow picture paulmelnikow on 20 Aug 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

chadwhitacre picture chadwhitacre  路  4Comments
PyvesB picture PyvesB  路  3Comments
kirankotari picture kirankotari  路  3Comments
rominf picture rominf  路  3Comments
AlexWayfer picture AlexWayfer  路  3Comments