[Django] #24336: static server should skip for protocol-relative STATIC_URL
Django
------------------------------+--------------------
Reporter: Tuttle | Owner: nobody
Type: Bug | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 1 | UI/UX: 0
------------------------------+--------------------
As per http://stackoverflow.com/questions/550038/is-it-valid-to-replace-
http-with-in-a-script-src-http and the spread of http/https websites it
appears to be legitimate to have STATIC_URL and MEDIA_URL starting with
`//` leading to a different domain under my control, but keeping the
protocol. Hence this check
{{{
# No-op if not in debug mode or an non-local prefix
if not settings.DEBUG or (prefix and '://' in prefix):
return []
}}}
in `django.conf.urls.static.static` will not match and does not turn off
the static server as it should.
I guess `://` should at least be changed to `//`.
--
Ticket URL: <https://code.djangoproject.com/ticket/24336>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: Tuttle | Owner: nobody
Type: Bug | Status: new
Component: Core (Other) | Version: master
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 1 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by phalt):
* needs_better_patch: => 0
* needs_tests: => 1
* needs_docs: => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/24336#comment:1>
Django
Reporter: Tuttle | Owner: nobody
Type: Bug | Status: new
Component: Core (Other) | Version: master
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Easy pickings: 1 | UI/UX: 0
Comment (by phalt):
I experimented on a local branch of Django and changed the `://` to `//`
and didn't see any immediate problems. However this'll definitely need
tests to verify.
--
Ticket URL: <https://code.djangoproject.com/ticket/24336#comment:2>
Django
Reporter: Tuttle | Owner: nobody
Type: Bug | Status: new
Component: Core (Other) | Version: master
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Easy pickings: 1 | UI/UX: 0
Comment (by aaugustin):
It would be safer to skip URLs starting with:
- `http://`
- `https://`
- `//`
The most robust solution may be to parse the URL and skip it if the host
part isn't empty.
--
Ticket URL: <https://code.djangoproject.com/ticket/24336#comment:3>
Django
Reporter: Tuttle | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Core (Other) | Version: master
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by timgraham):
* type: Bug => Cleanup/optimization
* needs_tests: 1 => 0
* easy: 1 => 0
* stage: Unreviewed => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/24336#comment:4>
Django
Reporter: Tuttle | Owner: farrepa
Type: Cleanup/optimization | Status: assigned
Component: Core (Other) | Version: master
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
* status: new => assigned
* owner: nobody => farrepa
--
Ticket URL: <https://code.djangoproject.com/ticket/24336#comment:5>
Django
Reporter: Vlada Macek | Owner: farrepa
Type: Cleanup/optimization | Status: assigned
Component: Core (Other) | Version: master
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
* has_patch: 0 => 1
Comment:
[https://github.com/django/django/pull/10219 PR]
--
Ticket URL: <https://code.djangoproject.com/ticket/24336#comment:6>
Django
Reporter: Vlada Macek | Owner: farrepa
Cleanup/optimization |
Component: Core (Other) | Version: master
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Tim Graham):
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/24336#comment:7>
Django
Reporter: Vlada Macek | Owner: farrepa
Cleanup/optimization |
Component: Core (Other) | Version: master
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"2a74ceb5f371c1083bfc9b95e093543ba09eb20f" 2a74ceb5]:
{{{
#!CommitTicketReference repository=""
revision="2a74ceb5f371c1083bfc9b95e093543ba09eb20f"
Fixed #24336 -- Made django.conf.urls.static() ignore all absolute URLs
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/24336#comment:8>