Code

Opened 5 years ago

Last modified 16 months ago

#10327 new Bug

Pass document.domain to popup windows in admin

Reported by: jcassee Owned by: nobody
Component: contrib.admin Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description

Some applications require Javascript collaboration between views and scripts from the static media location. When these are served from different domains collaboration fails because of the same origin policy implemented in browsers. Scripts can still work together if they are served from subdomains with a common parent (for example, www.example.com and media.example.com) by setting the document.domain variable to that common parent (in the example, example.com).

Unfortunately, the document.domain variable is not automatically passed to newly opened windows. The attached patch passes the variable to popup windows in the admin interface. Currently it is always passed, but may be nicer to do so only if it is different from the real server name. There are also currently no tests; I'm unsure how to test this functionality.

The patch was tested with the TinyMCE editor, which uses the above trick for its own popup windows. The patch allows, for example, the raw_id_fields functionality to work again for pages with TinyMCE editors (when static files are served from a different domain).

Attachments (2)

10327-r9845.diff (2.8 KB) - added by jcassee 5 years ago.
10327-r9969.diff (3.1 KB) - added by jcassee 5 years ago.

Download all attachments as: .zip

Change History (13)

Changed 5 years ago by jcassee

comment:1 Changed 5 years ago by jacob

  • milestone set to 1.1
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement set
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 5 years ago by jcassee

The new patch only appends the jsdom query parameter if the Javascript domain differs from the location domain. Additionally, it is given its own variable in the template context (like is_popup). I hope the patch is now good enough to be applied, otherwise please indicate how to improve it.

Changed 5 years ago by jcassee

comment:3 Changed 5 years ago by jcassee

  • Has patch set
  • Patch needs improvement unset

Setting has_patch and removing needs_better_patch to invite patch review.

comment:4 Changed 5 years ago by jacob

  • milestone changed from 1.1 to 1.2

Pushing to 1.2 since this is an uncommon case. For now you can use a custom template along with the custom widget to do this same thing if you need.

comment:5 follow-up: Changed 5 years ago by s.federici

  • Patch needs improvement set

Patches proposed breaks the Admin ForingnKey javascript (/media/js/admin/RelatedObjectLookups.js)

I have changed my prospectives, all static resources affected by this bug, for the "Same origin policy", will be served by central site.

comment:6 in reply to: ↑ 5 Changed 5 years ago by jcassee

Replying to s.federici:

Patches proposed breaks the Admin ForingnKey javascript (/media/js/admin/RelatedObjectLookups.js)

Funny, the patch was supposed to fix the admin ForeignKey problem. I'll look into it, thanks for the heads-up.

I have changed my prospectives, all static resources affected by this bug, for the "Same origin policy", will be served by central site.

Sorry, I don't really understand this sentence.

comment:7 Changed 4 years ago by ubernostrum

  • milestone 1.2 deleted

1.2 is feature-frozen, moving this feature request off the milestone.

comment:8 Changed 3 years ago by SmileyChris

  • Severity set to Normal
  • Type set to Bug

comment:9 Changed 2 years ago by aaugustin

  • UI/UX unset

Change UI/UX from NULL to False.

comment:10 Changed 2 years ago by aaugustin

  • Easy pickings unset

Change Easy pickings from NULL to False.

comment:11 Changed 16 months ago by gvangool

This could be solved now with the changes from #19773.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as new
The owner will be changed from nobody to anonymous. Next status will be 'assigned'
as The resolution will be set. Next status will be 'closed'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.