Squashed commit of the following:

commit 3962f54
Author: Uma Annamalai <[email protected]>
Date:   Thu Jan 4 12:50:58 2024 -0800

    Remove case sensitive check in ASGIBrowserMiddleware check. (#1017)

    * Remove case sensitive check in should_insert_html.

    * [Mega-Linter] Apply linters fixes

    * Remove header decoding.

    ---------

    Co-authored-by: umaannamalai <[email protected]>

commit c3314ae
Author: Lalleh Rafeei <[email protected]>
Date:   Tue Jan 2 17:17:20 2024 -0800

    Temporarily pin hypercorn version in tests (#1021)

    * Temporarily pin hypercorn to <0.16

    * Temporarily pin hypercorn to <0.16

    * Add comment to tox.ini

    ---------

    Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

commit 1357145
Author: Uma Annamalai <[email protected]>
Date:   Tue Jan 2 16:17:08 2024 -0800

    Drop py27 from memcache testing. (#1018)

commit 23f969f
Author: Timothy Pansino <[email protected]>
Date:   Wed Dec 20 17:01:50 2023 -0800

    Nonced CSP Support (#998)

    * Add nonce to CSP in browser agent

    * Adjust nonce position

    * Add testing for browser timing nonces

commit 8bfd2b7
Author: Uma Annamalai <[email protected]>
Date:   Mon Dec 18 13:58:10 2023 -0800

    Remove RPM config workflow. (#1007)

Author: TimPansino

.github/actions/update-rpm-config/action.yml

@@ -80,13 +80,3 @@ jobs:
         env:
           TWINE_USERNAME: __token__
           TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
-
-      - name: Update RPM Config
-        uses: ./.github/actions/update-rpm-config
-        with:
-          agent-language: "python"
-          target-system: "all"
-          agent-version: "${{ github.ref_name }}"
-          dry-run: "false"
-          production-api-key: ${{ secrets.NEW_RELIC_API_KEY_PRODUCTION }}
-          staging-api-key: ${{ secrets.NEW_RELIC_API_KEY_STAGING }}

.github/workflows/deploy-python.yml

@@ -97,7 +97,9 @@ def should_insert_html(self, headers):
         content_type = None
 
         for header_name, header_value in headers:
-            # assume header names are lower cased in accordance with ASGI spec
+            # ASGI spec (https://asgi.readthedocs.io/en/latest/specs/www.html#http) states
+            # header names should be lower cased, but not required
+            header_name = header_name.lower()
             if header_name == b"content-type":
                 content_type = header_value
             elif header_name == b"content-encoding":
@@ -318,7 +320,6 @@ async def nr_async_asgi(receive, send):
                 send=send,
                 source=wrapped,
             ) as transaction:
-
                 # Record details of framework against the transaction for later
                 # reporting as supportability metrics.
                 if framework:

newrelic/api/asgi_application.py

@@ -1912,17 +1912,17 @@ def add_framework_info(name, version=None):
         transaction.add_framework_info(name, version)
 
 
-def get_browser_timing_header():
+def get_browser_timing_header(nonce=None):
     transaction = current_transaction()
     if transaction and hasattr(transaction, "browser_timing_header"):
-        return transaction.browser_timing_header()
+        return transaction.browser_timing_header(nonce)
     return ""
 
 
-def get_browser_timing_footer():
+def get_browser_timing_footer(nonce=None):
     transaction = current_transaction()
     if transaction and hasattr(transaction, "browser_timing_footer"):
-        return transaction.browser_timing_footer()
+        return transaction.browser_timing_footer(nonce)
     return ""
 
 

newrelic/api/transaction.py

@@ -39,9 +39,8 @@
 
 _logger = logging.getLogger(__name__)
 
-_js_agent_header_fragment = '<script type="text/javascript">%s</script>'
-_js_agent_footer_fragment = '<script type="text/javascript">'\
-                            'window.NREUM||(NREUM={});NREUM.info=%s</script>'
+_js_agent_header_fragment = '<script type="text/javascript"%s>%s</script>'
+_js_agent_footer_fragment = '<script type="text/javascript"%s>window.NREUM||(NREUM={});NREUM.info=%s</script>'
 
 # Seconds since epoch for Jan 1 2000
 JAN_1_2000 = time.mktime((2000, 1, 1, 0, 0, 0, 0, 0, 0))
@@ -156,6 +155,13 @@ def _is_websocket(environ):
     return environ.get('HTTP_UPGRADE', '').lower() == 'websocket'
 
 
+def _encode_nonce(nonce):
+    if not nonce:
+        return ""
+    else:
+        return ' nonce="%s"' % ensure_str(nonce)  # Extra space intentional
+
+
 class WebTransaction(Transaction):
     unicode_error_reported = False
     QUEUE_TIME_HEADERS = ('x-request-start', 'x-queue-start')
@@ -386,7 +392,7 @@ def _update_agent_attributes(self):
 
         return super(WebTransaction, self)._update_agent_attributes()
 
-    def browser_timing_header(self):
+    def browser_timing_header(self, nonce=None):
         """Returns the JavaScript header to be included in any HTML
         response to perform real user monitoring. This function returns
         the header as a native Python string. In Python 2 native strings
@@ -437,7 +443,7 @@ def browser_timing_header(self):
         # 'none'.
 
         if self._settings.js_agent_loader:
-            header = _js_agent_header_fragment % self._settings.js_agent_loader
+            header = _js_agent_header_fragment % (_encode_nonce(nonce), self._settings.js_agent_loader)
 
             # To avoid any issues with browser encodings, we will make sure
             # that the javascript we inject for the browser agent is ASCII
@@ -476,7 +482,7 @@ def browser_timing_header(self):
 
         return header
 
-    def browser_timing_footer(self):
+    def browser_timing_footer(self, nonce=None):
         """Returns the JavaScript footer to be included in any HTML
         response to perform real user monitoring. This function returns
         the footer as a native Python string. In Python 2 native strings
@@ -541,7 +547,7 @@ def browser_timing_footer(self):
             attributes = obfuscate(json_encode(attributes), obfuscation_key)
             footer_data['atts'] = attributes
 
-        footer = _js_agent_footer_fragment % json_encode(footer_data)
+        footer = _js_agent_footer_fragment % (_encode_nonce(nonce), json_encode(footer_data))
 
         # To avoid any issues with browser encodings, we will make sure that
         # the javascript we inject for the browser agent is ASCII encodable.

newrelic/api/web_transaction.py

@@ -32,6 +32,7 @@
     get_browser_timing_footer,
     get_browser_timing_header,
 )
+from newrelic.api.web_transaction import web_transaction
 from newrelic.api.wsgi_application import wsgi_application
 from newrelic.common.encoding_utils import deobfuscate
 
@@ -1026,3 +1027,31 @@ def test_html_insertion_manual_rum_insertion():
     # footer added by the agent.
 
     response.mustcontain(no=["NREUM HEADER", "NREUM.info"])
+
+
+_test_get_browser_timing_nonces_settings = {
+    "browser_monitoring.enabled": True,
+    "browser_monitoring.auto_instrument": False,
+    "js_agent_loader": "<!-- NREUM HEADER -->",
+}
+
+@override_application_settings(_test_get_browser_timing_nonces_settings)
+@web_transaction(scheme="http", host="127.0.0.1", port=80, request_method="GET",
+        request_path="/", query_string=None, headers={})
+def test_get_browser_timing_nonces():
+    header = get_browser_timing_header("NONCE")
+    footer = get_browser_timing_footer("NONCE")
+
+    assert header == '<script type="text/javascript" nonce="NONCE"><!-- NREUM HEADER --></script>'
+    assert '<script type="text/javascript" nonce="NONCE">' in footer
+
+
+@override_application_settings(_test_get_browser_timing_nonces_settings)
+@web_transaction(scheme="http", host="127.0.0.1", port=80, request_method="GET",
+        request_path="/", query_string=None, headers={})
+def test_get_browser_timing_no_nonces():
+    header = get_browser_timing_header()
+    footer = get_browser_timing_footer()
+
+    assert header == '<script type="text/javascript"><!-- NREUM HEADER --></script>'
+    assert '<script type="text/javascript">' in footer

tests/agent_features/test_browser.py

@@ -57,7 +57,7 @@ envlist =
     kafka-messagebroker_kafkapython-{py27,py38}-kafkapython{020001,020000},
     kafka-messagebroker_kafkapython-{pypy27,py27,py37,py38,pypy38}-kafkapythonlatest,
     memcached-datastore_bmemcached-{pypy27,py27,py37,py38,py39,py310,py311,py312}-memcached030,
-    memcached-datastore_memcache-{py27,py37,py38,py39,py310,py311,py312,pypy27,pypy38}-memcached01,
+    memcached-datastore_memcache-{py37,py38,py39,py310,py311,py312,pypy38}-memcached01,
     memcached-datastore_pylibmc-{py27,py37},
     memcached-datastore_pymemcache-{py27,py37,py38,py39,py310,py311,py312,pypy27,pypy38},
     mongodb-datastore_pymongo-{py27,py37,py38,py39,py310,py311,py312,pypy27}-pymongo03,
@@ -174,7 +174,8 @@ deps =
     adapter_gunicorn-aiohttp03-py312: aiohttp==3.9.0rc0
     adapter_gunicorn-gunicorn19: gunicorn<20
     adapter_gunicorn-gunicornlatest: gunicorn
-    adapter_hypercorn-hypercornlatest: hypercorn
+    ; Temporarily pinned.  Needs to be addressed
+    adapter_hypercorn-hypercornlatest: hypercorn<0.16
     adapter_hypercorn-hypercorn0013: hypercorn<0.14
     adapter_hypercorn-hypercorn0012: hypercorn<0.13
     adapter_hypercorn-hypercorn0011: hypercorn<0.12