Opened 13 years ago
Closed 11 years ago
#16727 closed Bug (fixed)
contrib.contenttypes.views.shortcut error
Reported by: | anonymous | Owned by: | tcsorrel |
---|---|---|---|
Component: | contrib.contenttypes | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | thomas@… | Triage Stage: | Accepted |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
There is a problem during absurl processing:
absurl = obj.get_absolute_url() if absurl.startswith('http://') or absurl.startswith('https://'): return http.HttpResponseRedirect(absurl) else: ...
So, if get_absolute_url returns 'sub.example.com/entry.html' shortcut view will return something like 'http://example.com//sub.example.com/entry.html'
This problem was founded with help of django_hosts application. Author of this app decided to return urls without 'http:' or 'https:' prefix. Here is the explanation:
The double slash at the beginning of the href is an easy way to not have to worry about which scheme (http or https) is used. Your browser will automatically choose the currently used scheme. If you're on https://mysite.com/ a link with an href of mysite.com/about/ would actually point to https://mysite.com/about/. For more information see the The protocol-relative URL article by Paul Irish or the appropriate section in RFC 3986.
I think the better way is urlparse lib using to decide on the url kind.
Change History (6)
comment:1 by , 13 years ago
Triage Stage: | Unreviewed → Accepted |
---|
comment:2 by , 13 years ago
#16753 was opened for the bug in syndication. This one is just about contenttypes.
comment:3 by , 11 years ago
Has patch: | set |
---|---|
Needs tests: | set |
Version: | 1.3 → master |
comment:4 by , 11 years ago
Cc: | added |
---|---|
Owner: | changed from | to
Status: | new → assigned |
comment:5 by , 11 years ago
Needs tests: | unset |
---|
Please find a fix with the corresponding tests included in this pull request :
https://github.com/django/django/pull/2388
I preferred not to use regular expression thinking that 3 "startswith" tests might be faster.
comment:6 by , 11 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
By grepping the entire codebase for
startswith\(['"]https?://
, I have found this pattern in the following files:django.contrib.contenttypes.views
(line 25) => it's the bug reported here,django.contrib.syndication.views
(line 11) => it's a similar bug,django.utils.html
(line 132) => it's debatable, we'd probably better not touch this.