Opened 11 years ago
Last modified 9 years ago
#19538 closed Cleanup/optimization
__admin_media_prefix__ in admin templates — at Initial Version
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | contrib.admin | Version: | dev |
| Severity: | Normal | Keywords: | admin S3 DateTime |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
contrib/admin/templates/admin/base.html contains the line:
<script type="text/javascript">window.admin_media_prefix = "{% filter escapejs %}{% static "admin/" %}{% endfilter %}";</script>
The admin_media_prefix is used in contrib/admin/static/admin/js/admin/DateTimeShortcuts.js to form URLs by concatenation:
DateTimeShortcuts.admin_media_prefix + 'img/icon_clock.gif'
This causes a problem with certain storage backends (such as S3 Boto) which include authentication digests as part of the URL. For instance, when using the S3 Boto backend, my admin renders the following line:
<script type="text/javascript">window.admin_media_prefix = "https://oca3\u002Dqa.s3.amazonaws.com/admin?Signature\u003DXIt%2FCc9wPWjaw%2F3ITNjkYE3bc%2FI%3D\u0026Expires\u003D1356844210\u0026AWSAccessKeyId\u003DAKIAIGREZ7J53KZ23QKQ";</script>
Which, when concatenated with the fixed string generates the invalid URL: https://oca3\u002Dqa.s3.amazonaws.com/admin?Signature\u003DXIt%2FCc9wPWjaw%2F3ITNjkYE3bc%2FI%3D\u0026Expires\u003D1356844210\u0026AWSAccessKeyId\u003DAKIAIGREZ7J53KZ23QKQimg/icon_clock.gif
I suspect that the assumption the DateTime widget is relying on ({% static a+b %} should be equivelant to {% static a %}b) is invalid, and it should be using a more robust method to determine the static URL of its resources. The DateTime widget appears to be the only element depending on admin_media_prefix, and thus the only one to fail when switching to a backend that doesn't support its assumption.