Opened 11 years ago
Closed 7 years ago
#24336 closed Cleanup/optimization (fixed)
static server should skip for protocol-relative STATIC_URL
| Reported by: | Vlada Macek | Owned by: | farrepa |
|---|---|---|---|
| Component: | Core (Other) | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
As per http://stackoverflow.com/questions/550038/is-it-valid-to-replace-http-with-in-a-script-src-http and the spread of http/https websites it appears to be legitimate to have STATIC_URL and MEDIA_URL starting with // leading to a different domain under my control, but keeping the protocol. Hence this check
# No-op if not in debug mode or an non-local prefix
if not settings.DEBUG or (prefix and '://' in prefix):
return []
in django.conf.urls.static.static will not match and does not turn off the static server as it should.
I guess :// should at least be changed to //.
Change History (8)
comment:1 by , 11 years ago
| Needs tests: | set |
|---|
comment:2 by , 11 years ago
comment:3 by , 11 years ago
It would be safer to skip URLs starting with:
http://https:////
The most robust solution may be to parse the URL and skip it if the host part isn't empty.
comment:4 by , 11 years ago
| Easy pickings: | unset |
|---|---|
| Needs tests: | unset |
| Triage Stage: | Unreviewed → Accepted |
| Type: | Bug → Cleanup/optimization |
comment:5 by , 11 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:7 by , 7 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
Note:
See TracTickets
for help on using tickets.
I experimented on a local branch of Django and changed the
://to//and didn't see any immediate problems. However this'll definitely need tests to verify.