Onion location paths #733
6c8c4c2
to
2fd4957
Compare
So right now if the `footer_settings.securedrop_onion_address` is set to an onion address without `https://` in the beginning (which is the case in createdevdata), the `urljoin()` function technically just replaces the onion address with just the request.path. Hence only the path is returned in that case. I am not sure in which format onion address is saved in prod. Maybe can add a check of some sort to append `https://` in the beginning?
I think there is a validator on the model itself: securedrop.org/common/models/settings.py Lines 43 to 52 in e67c78c
Though I also do see the benefit of ensuring we don't do the wrong thing in this middleware either, regardless of the overall format.
Maybe create dev data is what needs to be changed. Hm.
Possible. Hence marked it as a comment and not request changes. I think given the validator, probably safe to just update create dev data
Added! Thanks for the review.
66785d5
to
5cbaafc
Compare
The Onion Location Middleware requires this setting to act as a "base" URL in order to form the correct header value, so we need the `http://` in this setting. The validation already tries to make sure this happens, so we ought to have it in the default value as well.
5cbaafc
to
6c1997b
Compare
Given that @maeve-fpf is deploying the k8s powered version of this site tomorrow which will include nginx managed onion-location headers, this PR is no longer necessary (I didn't get my review together in time, whoops). Closing without merging.
This pull request fixes the problem with the `Onion-Location` header always referring to the home page, rather than the page path requested by each individual page.

Fixes #724
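The `urljoin()` behaviour raised in the review above, next to a stricter way to build the header value. This is an added example, not code from this pull request or from securedrop.org; the function names and the onion hostname are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed placeholder hostname, not a real onion service.
SAMPLE_HOST = "exampleplaceholderaddress.onion"


def naive_onion_location(base, request_path):
    """Join the stored setting and the request path as-is.

    With a scheme-less base, urlsplit() sees the whole onion address as a
    relative *path*, so an absolute request path replaces it entirely.
    """
    return urljoin(base, request_path)


def onion_location(base, request_path):
    """Return an Onion-Location value, or None if the setting is unusable.

    Assumption: the setting must be an absolute http(s) URL whose host ends
    in .onion. Returning None lets the caller omit the header instead of
    emitting a bare path.
    """
    parts = urlsplit(base)
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https") or not host.endswith(".onion"):
        return None
    # Collapse leading slashes: urljoin() would read a path starting with
    # "//" as a new host, so the path is concatenated rather than joined.
    path = "/" + request_path.lstrip("/")
    return f"{parts.scheme}://{parts.netloc}{path}"


if __name__ == "__main__":
    for base in (SAMPLE_HOST, "http://" + SAMPLE_HOST):
        print(repr(base))
        print("  naive  :", naive_onion_location(base, "/news/"))
        print("  checked:", onion_location(base, "/news/"))
```
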