Opened 8 years ago

Last modified 4 years ago

#10327 new Bug

Pass document.domain to popup windows in admin

Reported by: Joost Cassee Owned by: nobody
Component: contrib.admin Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description

Some applications require Javascript collaboration between views and scripts from the static media location. When these are served from different domains collaboration fails because of the same origin policy implemented in browsers. Scripts can still work together if they are served from subdomains with a common parent (for example, www.example.com and media.example.com) by setting the document.domain variable to that common parent (in the example, example.com).

Unfortunately, the document.domain variable is not automatically passed to newly opened windows. The attached patch passes the variable to popup windows in the admin interface. Currently it is always passed, but may be nicer to do so only if it is different from the real server name. There are also currently no tests; I'm unsure how to test this functionality.

The patch was tested with the TinyMCE editor, which uses the above trick for its own popup windows. The patch allows, for example, the raw_id_fields functionality to work again for pages with TinyMCE editors (when static files are served from a different domain).

Attachments (2)

10327-r9845.diff (2.8 KB) - added by Joost Cassee 8 years ago.
10327-r9969.diff (3.1 KB) - added by Joost Cassee 8 years ago.

Download all attachments as: .zip

Change History (13)

Changed 8 years ago by Joost Cassee

Attachment: 10327-r9845.diff added

comment:1 Changed 8 years ago by Jacob

milestone: 1.1
Patch needs improvement: set
Triage Stage: UnreviewedAccepted

comment:2 Changed 8 years ago by Joost Cassee

The new patch only appends the jsdom query parameter if the Javascript domain differs from the location domain. Additionally, it is given its own variable in the template context (like is_popup). I hope the patch is now good enough to be applied, otherwise please indicate how to improve it.

Changed 8 years ago by Joost Cassee

Attachment: 10327-r9969.diff added

comment:3 Changed 8 years ago by Joost Cassee

Has patch: set
Patch needs improvement: unset

Setting has_patch and removing needs_better_patch to invite patch review.

comment:4 Changed 8 years ago by Jacob

milestone: 1.11.2

Pushing to 1.2 since this is an uncommon case. For now you can use a custom template along with the custom widget to do this same thing if you need.

comment:5 Changed 8 years ago by s.federici

Patch needs improvement: set

Patches proposed breaks the Admin ForingnKey javascript (/media/js/admin/RelatedObjectLookups.js)

I have changed my prospectives, all static resources affected by this bug, for the "Same origin policy", will be served by central site.

comment:6 in reply to:  5 Changed 8 years ago by Joost Cassee

Replying to s.federici:

Patches proposed breaks the Admin ForingnKey javascript (/media/js/admin/RelatedObjectLookups.js)

Funny, the patch was supposed to fix the admin ForeignKey problem. I'll look into it, thanks for the heads-up.

I have changed my prospectives, all static resources affected by this bug, for the "Same origin policy", will be served by central site.

Sorry, I don't really understand this sentence.

comment:7 Changed 7 years ago by James Bennett

milestone: 1.2

1.2 is feature-frozen, moving this feature request off the milestone.

comment:8 Changed 6 years ago by Chris Beaven

Severity: Normal
Type: Bug

comment:9 Changed 5 years ago by Aymeric Augustin

UI/UX: unset

Change UI/UX from NULL to False.

comment:10 Changed 5 years ago by Aymeric Augustin

Easy pickings: unset

Change Easy pickings from NULL to False.

comment:11 Changed 4 years ago by Gert Van Gool

This could be solved now with the changes from #19773.

Note: See TracTickets for help on using tickets.
Back to Top