fix(integrations): fix CORS issue on GitHub-initiated GitHub installation (#59137)

oioki · web-flow · commit 39ed9f26ade2 · 2023-10-31T23:13:23.000+01:00
Fixes this CORS issue when trying to install GitHub integration from GitHub side: > Access to fetch at 'https://sentry.io/extensions/github/installation/xxxxxxxx/' from origin 'https://sentry.sentry.io' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. Follow-up fix of #59000
diff --git a/src/sentry/integrations/github/installation.py b/src/sentry/integrations/github/installation.py
@@ -4,9 +4,12 @@
 import time
 
 from django.http import HttpResponse
-from django.views.generic import View
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.request import Request
 
+from sentry.api.api_owners import ApiOwner
+from sentry.api.api_publish_status import ApiPublishStatus
+from sentry.api.base import Endpoint, control_silo_endpoint
 from sentry.constants import ObjectStatus
 from sentry.models.integrations.integration import Integration
 from sentry.models.integrations.organization_integration import OrganizationIntegration
@@ -17,7 +20,15 @@
 INSTALLATION_EXPOSURE_MAX_TIME = 10 * 60
 
 
-class GitHubIntegrationsInstallationEndpoint(View):
+@control_silo_endpoint
+class GitHubIntegrationsInstallationEndpoint(Endpoint):
+    publish_status = {
+        "GET": ApiPublishStatus.PRIVATE,
+    }
+    owner = ApiOwner.ENTERPRISE
+
+    permission_classes = (IsAuthenticated,)
+
     def get(self, request: Request, installation_id):
         try:
             integration = Integration.objects.get(
diff --git a/static/app/data/controlsiloUrlPatterns.ts b/static/app/data/controlsiloUrlPatterns.ts
@@ -4,6 +4,7 @@ const patterns: RegExp[] = [
   new RegExp('^remote/github/marketplace/purchase/$'),
   new RegExp('^docs/api/user/$'),
   new RegExp('^_experiment/log_exposure/$'),
+  new RegExp('^api/0/signup/$'),
   new RegExp('^api/0/audit-logs/$'),
   new RegExp('^api/0/_admin/options/$'),
   new RegExp('^api/0/billingadmins/$'),
@@ -141,6 +142,7 @@ const patterns: RegExp[] = [
   new RegExp('^extensions/slack/link-identity/[^/]+/$'),
   new RegExp('^extensions/slack/unlink-identity/[^/]+/$'),
   new RegExp('^extensions/github/webhook/$'),
+  new RegExp('^extensions/github/installation/[^/]+/$'),
   new RegExp('^extensions/github/search/[^/]+/[^/]+/$'),
   new RegExp('^extensions/gitlab/search/[^/]+/[^/]+/$'),
   new RegExp('^extensions/vsts/search/[^/]+/[^/]+/$'),
diff --git a/tests/sentry/integrations/github/test_installation.py b/tests/sentry/integrations/github/test_installation.py
@@ -17,6 +17,7 @@ class InstallationEndpointTest(APITestCase):
     base_url = "https://api.github.com"
 
     def setUp(self):
+        self.login_as(self.user)
         self.url = "/extensions/github/webhook/"
         self.secret = "b3002c3e321d4b7880360d397db2ccfd"
         options.set("github-app.webhook-secret", self.secret)
