Anubis was accidentally enabled for all traffic (/) instead of just
the /coprs/ web UI. This caused unnecessary bot challenges for API
clients, dnf/yum, and other automated tools.
Use Anubis BASE_PREFIX to cleanly protect only specific endpoints:
- Frontend: /coprs/ (web UI)
- Dist-git: /{{ cgit_uri }}/ (package browser)
https://anubis.techaro.lol/docs/admin/installation#using-base-prefix
Fix OIDC "Invalid redirect_uri" error (Flask generating http:// URLs).
Since SSL is terminated at the frontend/Anubis, traffic reaches this backend via HTTP.
This forces the application to believe it is running over HTTPS based on the header
forwarded by the trusted frontend, ensuring OIDC redirect URLs are generated with https://.
My hypothesis is that web crawlers are especially attracted to the /cgit
string in the URL, assuming it leads to useful source code for AI
training.
In reality, our cgit instance isn't a valuable source for AI learning.
It primarily contains unstructured changes to spec files that often fail
to comply with guidelines. It seems unlikely that a human is
intentionally directing AI crawlers to our instance.
I may be wrong, but the experiment is as simple as the change in this
commit.
Closes: https://github.com/fedora-copr/copr/issues/3873
P.S. On the off chance you actually want to use Copr's Git repos for AI
learning, you're welcome to! But please reach out to us first—we can
find a better way for you to access all that data than using Cgit.
Closes: #2858
In the get_url we hit https://github.com/ansible/ansible/pull/80751,
since the ansible version is not 2.16 (it's 2.14), thus manually adding
the certificates instead of getting them from url.
This will unify all the handlers to use first uppercase letter for
ansible-lint to stop complaining.
I went through all `notify:` occurrences and fixed them by running
```
set TEXT "text_to_replace"; set REPLACEMENT "replacement_text"; git grep
-rlz "$TEXT" . | xargs -0 sed -i "s/$TEXT/$REPLACEMENT/g"
```
Then I went through all the changes and removed the ones that wasn't
expected to be changed.
Fixes https://pagure.io/fedora-infrastructure/issue/12391
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
fix 1900 failures of the following case issue:
`name[casing]: All names should start with an uppercase letter.`
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
Someone from that group created "trolling" copr group copr-gonzo, so we
denied this group. If someone will complain, redirect them to this
commit message.
