Allow Fake FxA login page to redirect to :7000 (#18718)

settings.py

@@ -67,6 +67,7 @@ ES_DEFAULT_NUM_REPLICAS = 0
 
 SITE_URL = os.environ.get('OLYMPIA_SITE_URL') or 'http://localhost:8000'
 DOMAIN = SERVICES_DOMAIN = urlparse(SITE_URL).netloc
+ADDONS_FRONTEND_PROXY_PORT = '7000'
 SERVICES_URL = SITE_URL
 INTERNAL_SITE_URL = 'http://nginx'
 EXTERNAL_SITE_URL = SITE_URL

settings_test.py

@@ -96,3 +96,5 @@ CELERY_TASK_ROUTES.update({
 
 # switch cached_db out for just cache sessions to avoid extra db queries
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
+
+ADDONS_FRONTEND_PROXY_PORT = None

src/olympia/amo/tests/test_utils.py

@@ -6,6 +6,7 @@ from urllib.parse import urlparse
 
 from django.conf import settings
 from django.test import RequestFactory
+from django.test.utils import override_settings
 from django.utils.functional import cached_property
 from django.utils.http import quote_etag
 
@@ -372,3 +373,15 @@ class TestIsSafeUrl(TestCase):
         assert not is_safe_url(
             f'https://{settings.DOMAIN}', request, allowed_hosts=[foobaa_domain]
         )
+
+    @override_settings(DOMAIN='mozilla.com', ADDONS_FRONTEND_PROXY_PORT='1234')
+    def test_includes_host_for_proxy_when_proxy_port_setting_exists(self):
+        request = RequestFactory().get('/')
+        assert is_safe_url('https://mozilla.com:1234', request)
+        assert not is_safe_url('https://mozilla.com:9876', request)
+
+    @override_settings(DOMAIN='mozilla.com')
+    def test_proxy_port_defaults_to_none(self):
+        request = RequestFactory().get('/')
+        assert is_safe_url('https://mozilla.com', request)
+        assert not is_safe_url('https://mozilla.com:7000', request)

src/olympia/amo/utils.py

@@ -1179,10 +1179,16 @@ class HttpResponseTemporaryRedirect(HttpResponseRedirectBase):
 def is_safe_url(url, request, allowed_hosts=None):
     """Use Django's `url_has_allowed_host_and_scheme()` and pass a configured
     list of allowed hosts and enforce HTTPS.  `allowed_hosts` can be specified."""
-    allowed_hosts = allowed_hosts or (
-        settings.DOMAIN,
-        urlparse(settings.CODE_MANAGER_URL).netloc,
-    )
+    if not allowed_hosts:
+        allowed_hosts = (
+            settings.DOMAIN,
+            urlparse(settings.CODE_MANAGER_URL).netloc,
+        )
+        if settings.ADDONS_FRONTEND_PROXY_PORT:
+            allowed_hosts = allowed_hosts + (
+                f'{settings.DOMAIN}:{settings.ADDONS_FRONTEND_PROXY_PORT}',
+            )
+
     require_https = request.is_secure() if request else False
     return url_has_allowed_host_and_scheme(
         url, allowed_hosts=allowed_hosts, require_https=require_https

src/olympia/lib/settings_base.py

@@ -200,6 +200,10 @@ HOSTNAME = socket.gethostname()
 # need the real domain.
 DOMAIN = HOSTNAME
 
+# The port used by the frontend when running frontend locally with
+# addons-server in docker. This will default it to None for dev/prod/stage.
+ADDONS_FRONTEND_PROXY_PORT = None
+
 # Full base URL for your main site including protocol.  No trailing slash.
 #   Example: https://addons.mozilla.org
 SITE_URL = 'http://%s' % DOMAIN