)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":7186,"name":"Matthieu Huin","email":"mhuin@redhat.com","username":"mhu"},"change_message_id":"be73737ffeee1d8947db9a99e2b40ba6db7048f2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":26,"id":"e6aaf2a2_42adb142","updated":"2023-03-30 12:51:41.000000000","message":"recheck\nFailure seems caused by flakiness, a genuine one would occur on tox-py311 too","commit_id":"e3e57605ef4b8cc6ec6bbaa3d29ae0eb38b5053c"},{"author":{"_account_id":7186,"name":"Matthieu Huin","email":"mhuin@redhat.com","username":"mhu"},"change_message_id":"18895f317e3e92f6e13e5d2f2c3963fad356349d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":27,"id":"99daf3b8_5119f720","updated":"2023-03-31 07:44:52.000000000","message":"recheck\nflakiness likely culprit","commit_id":"b66b80dc616cfc9b471935be48bf7650eb46f8c6"}],"zuul/web/__init__.py":[{"author":{"_account_id":2,"name":"Monty Taylor","email":"mordred@inaugust.com","username":"mordred"},"change_message_id":"6055ae0ad0d71cf7cb90c34cd3e9909426585ddd","unresolved":true,"context_lines":[{"line_number":1009,"context_line":"        for build in builds:"},{"line_number":1010,"context_line":"            # Put all non-final (retry) builds under a different key"},{"line_number":1011,"context_line":"            if not build.final:"},{"line_number":1012,"context_line":"      é          ret[\u0027retry_builds\u0027].append(self.buildToDict(build))"},{"line_number":1013,"context_line":"            else:"},{"line_number":1014,"context_line":"                ret[\u0027builds\u0027].append(self.buildToDict(build))"},{"line_number":1015,"context_line":"        return ret"}],"source_content_type":"text/x-python","patch_set":2,"id":"e0e65c53_d55810c0","line":1012,"range":{"start_line":1012,"start_character":6,"end_line":1012,"end_character":8},"updated":"2020-12-18 13:31:21.000000000","message":"typo","commit_id":"ba263e8a001c8984289742136673d51d8c663ee3"},{"author":{"_account_id":7186,"name":"Matthieu Huin","email":"mhuin@redhat.com","username":"mhu"},"change_message_id":"fc46db1e0366d2384f24946c002b3cbd27a055e5","unresolved":true,"context_lines":[{"line_number":1171,"context_line":"        self.static_cache_expiry \u003d static_cache_expiry"},{"line_number":1172,"context_line":"        self.info \u003d info"},{"line_number":1173,"context_line":"        self.static_path \u003d os.path.abspath(static_path or STATIC_DIR)"},{"line_number":1174,"context_line":"        self.enable_cors \u003d enable_cors"},{"line_number":1175,"context_line":"        self.allowed_origin \u003d allowed_origin"},{"line_number":1176,"context_line":"        # instanciate handlers"},{"line_number":1177,"context_line":"        self.rpc \u003d zuul.rpcclient.RPCClient(gear_server, gear_port,"}],"source_content_type":"text/x-python","patch_set":6,"id":"7abd7f8f_723650cc","line":1174,"range":{"start_line":1174,"start_character":8,"end_line":1174,"end_character":38},"updated":"2021-02-03 10:20:36.000000000","message":"This doesn\u0027t seem to be used anywhere?","commit_id":"c8111c6b2e3daee6b6fa400936874d2576e35a2a"},{"author":{"_account_id":31440,"name":"Clément Mondion","email":"clement.mondion@adevinta.com","username":"clement.mondion"},"change_message_id":"70cb8ff8dac29317dff6173654f4c1d84c029a3c","unresolved":true,"context_lines":[{"line_number":1171,"context_line":"        self.static_cache_expiry \u003d static_cache_expiry"},{"line_number":1172,"context_line":"        self.info \u003d info"},{"line_number":1173,"context_line":"        self.static_path \u003d os.path.abspath(static_path or STATIC_DIR)"},{"line_number":1174,"context_line":"        self.enable_cors \u003d enable_cors"},{"line_number":1175,"context_line":"        self.allowed_origin \u003d allowed_origin"},{"line_number":1176,"context_line":"        # instanciate handlers"},{"line_number":1177,"context_line":"        self.rpc \u003d zuul.rpcclient.RPCClient(gear_server, gear_port,"}],"source_content_type":"text/x-python","patch_set":6,"id":"b7333f0c_fc5f7817","line":1174,"range":{"start_line":1174,"start_character":8,"end_line":1174,"end_character":38},"in_reply_to":"7abd7f8f_723650cc","updated":"2021-02-03 13:09:31.000000000","message":"You\u0027re right","commit_id":"c8111c6b2e3daee6b6fa400936874d2576e35a2a"},{"author":{"_account_id":7186,"name":"Matthieu Huin","email":"mhuin@redhat.com","username":"mhu"},"change_message_id":"fc46db1e0366d2384f24946c002b3cbd27a055e5","unresolved":true,"context_lines":[{"line_number":1300,"context_line":"                # required for CORS"},{"line_number":1301,"context_line":"                \u0027tools.response_headers.on\u0027: True,"},{"line_number":1302,"context_line":"                \u0027tools.response_headers.headers\u0027: ["},{"line_number":1303,"context_line":"                    (\u0027Access-Control-Allow-Origin\u0027, allowed_origin)"},{"line_number":1304,"context_line":"                ]"},{"line_number":1305,"context_line":"            }"},{"line_number":1306,"context_line":"        }"}],"source_content_type":"text/x-python","patch_set":6,"id":"93f50d0b_551b3438","line":1303,"range":{"start_line":1303,"start_character":0,"end_line":1303,"end_character":67},"updated":"2021-02-03 10:20:36.000000000","message":"I think we want to be able to define a white list of allowed origins that match tenant deployments (for example zuul.opendev.org and zuul.openstack.org) instead of either one allowed origin or \u0027*\u0027.\nThis doc explains how white lists should be handled: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#access-control-allow-origin\nNote that we\u0027d also want to enforce CORS without the wildcard especially for requests with credentials.\nA quick look at cherrypy\u0027s doc didn\u0027t show anything about support for origin white lists out of the box; you might have to write a function that checks the \u0027Origin\u0027 header of the request against the white list, and returns it as the Access-Control-Allow-Origin response header if it is in the white list.","commit_id":"c8111c6b2e3daee6b6fa400936874d2576e35a2a"},{"author":{"_account_id":31440,"name":"Clément Mondion","email":"clement.mondion@adevinta.com","username":"clement.mondion"},"change_message_id":"23ecbd651b6d840f67bcbf92598a5f8b8e05e030","unresolved":true,"context_lines":[{"line_number":1300,"context_line":"                # required for CORS"},{"line_number":1301,"context_line":"                \u0027tools.response_headers.on\u0027: True,"},{"line_number":1302,"context_line":"                \u0027tools.response_headers.headers\u0027: ["},{"line_number":1303,"context_line":"                    (\u0027Access-Control-Allow-Origin\u0027, allowed_origin)"},{"line_number":1304,"context_line":"                ]"},{"line_number":1305,"context_line":"            }"},{"line_number":1306,"context_line":"        }"}],"source_content_type":"text/x-python","patch_set":6,"id":"f9511594_e03c514e","line":1303,"range":{"start_line":1303,"start_character":0,"end_line":1303,"end_character":67},"in_reply_to":"26a7f006_b38da92b","updated":"2021-02-03 13:11:40.000000000","message":"Oh sorry did not see your comment. We saw the same thing. I can try this origin check, I have to figure out where to do this first.","commit_id":"c8111c6b2e3daee6b6fa400936874d2576e35a2a"},{"author":{"_account_id":7186,"name":"Matthieu Huin","email":"mhuin@redhat.com","username":"mhu"},"change_message_id":"c006ab76ac19477e26363738bda4877dd0b25335","unresolved":true,"context_lines":[{"line_number":1300,"context_line":"                # required for CORS"},{"line_number":1301,"context_line":"                \u0027tools.response_headers.on\u0027: True,"},{"line_number":1302,"context_line":"                \u0027tools.response_headers.headers\u0027: ["},{"line_number":1303,"context_line":"                    (\u0027Access-Control-Allow-Origin\u0027, allowed_origin)"},{"line_number":1304,"context_line":"                ]"},{"line_number":1305,"context_line":"            }"},{"line_number":1306,"context_line":"        }"}],"source_content_type":"text/x-python","patch_set":6,"id":"26a7f006_b38da92b","line":1303,"range":{"start_line":1303,"start_character":0,"end_line":1303,"end_character":67},"in_reply_to":"93f50d0b_551b3438","updated":"2021-02-03 10:24:51.000000000","message":"\u003e A quick look at cherrypy\u0027s doc didn\u0027t show anything about support for origin white lists out of the box; you might have to write a function that checks the \u0027Origin\u0027 header of the request against the white list, and returns it as the Access-Control-Allow-Origin response header if it is in the white list.\n\nYou could actually expand the handle_options decorator to become a more generic CORS handler, like in https://groups.google.com/g/cherrypy-users/c/VKv_KkLJi14?pli\u003d1","commit_id":"c8111c6b2e3daee6b6fa400936874d2576e35a2a"}]}