-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prettier DRF pages when using trusted proxy #15579
base: devel
Are you sure you want to change the base?
Conversation
This is a rather hacky, but fixes the DRF pages when going through a trusted proxy. Notably: This is meant to primarily fix the DRF pages on downstream builds while leaving the upstream to function as-is. When using a trusted proxy, the DRF login and logout endpoints now redirect to the Platform login page (which respects ?next) and logout endpoint respectively. The CSS and JS is inlined because the trusted proxy might only proxy to /api/ and not /static/ which is a harder problem to solve. Signed-off-by: Rick Elrod <[email protected]>
@@ -97,6 +103,15 @@ def get(self, request, *args, **kwargs): | |||
return super(LoggedLoginView, self).get(request, *args, **kwargs) | |||
|
|||
def post(self, request, *args, **kwargs): | |||
if is_proxied_request(): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Interesting. I didn't consider NOT allowing users to login that come through the gateway. I like this restriction. But then I worry about what effect it will have on QE things (ATF & tower-qe).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could leave the POST endpoint alone in case anything is using it, I suppose. But I would hope everything is using either basic auth or token auth. 🤔
<link rel="stylesheet" type="text/css" href="{% static 'rest_framework/css/bootstrap.min.css' %}" /> | ||
{% if proxied %} | ||
<style> | ||
{% inline_file "static/api/api.css" True %} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's just leave a little teeny tiny comment saying that inline_file
is a DAB util. You know, just for purposes of back-linking, so I won't go search Django source code for it.
Signed-off-by: Rick Elrod <[email protected]>
Quality Gate passedIssues Measures |
SUMMARY
This is a rather hacky, but fixes the DRF pages when going through a trusted proxy.
Notably: This is meant to primarily fix the DRF pages on downstream builds while leaving the upstream to function as-is.
When using a trusted proxy, the DRF login and logout endpoints now redirect to the Platform login page (which respects ?next) and logout endpoint respectively.
The CSS and JS is inlined because the trusted proxy might only proxy to /api/ and not /static/ which is a harder problem to solve.
Depends on: ansible/django-ansible-base#628
ISSUE TYPE
COMPONENT NAME