Prettier DRF pages when using trusted proxy #15579
Conversation
This is a rather hacky, but fixes the DRF pages when going through a trusted proxy. Notably: This is meant to primarily fix the DRF pages on downstream builds while leaving the upstream to function as-is. When using a trusted proxy, the DRF login and logout endpoints now redirect to the Platform login page (which respects ?next) and logout endpoint respectively. The CSS and JS is inlined because the trusted proxy might only proxy to /api/ and not /static/ which is a harder problem to solve. Signed-off-by: Rick Elrod <[email protected]>
| @@ -97,6 +103,15 @@ def get(self, request, *args, **kwargs): | |||
| return super(LoggedLoginView, self).get(request, *args, **kwargs) | |||
|
|
|||
| def post(self, request, *args, **kwargs): | |||
| if is_proxied_request(): | |||
There was a problem hiding this comment.
Interesting. I didn't consider NOT allowing users to login that come through the gateway. I like this restriction. But then I worry about what effect it will have on QE things (ATF & tower-qe).
There was a problem hiding this comment.
We could leave the POST endpoint alone in case anything is using it, I suppose. But I would hope everything is using either basic auth or token auth. 🤔
| <link rel="stylesheet" type="text/css" href="{% static 'rest_framework/css/bootstrap.min.css' %}" /> | ||
| {% if proxied %} | ||
| <style> | ||
| {% inline_file "static/api/api.css" True %} |
There was a problem hiding this comment.
Let's just leave a little teeny tiny comment saying that inline_file is a DAB util. You know, just for purposes of back-linking, so I won't go search Django source code for it.
Signed-off-by: Rick Elrod <[email protected]>
|
SUMMARY
This is a rather hacky, but fixes the DRF pages when going through a trusted proxy.
Notably: This is meant to primarily fix the DRF pages on downstream builds while leaving the upstream to function as-is.
When using a trusted proxy, the DRF login and logout endpoints now redirect to the Platform login page (which respects ?next) and logout endpoint respectively.
The CSS and JS is inlined because the trusted proxy might only proxy to /api/ and not /static/ which is a harder problem to solve.
Depends on: ansible/django-ansible-base#628
ISSUE TYPE
COMPONENT NAME