From 2bd1adb5859f416e2ec3abbc3fa0e09c98b844b5 Mon Sep 17 00:00:00 2001 From: Bob Silverberg Date: Tue, 1 Feb 2022 14:34:44 -0500 Subject: [PATCH] Allow Fake FxA login page to redirect to :7000 (#18718) --- settings.py | 1 + settings_test.py | 2 ++ src/olympia/amo/tests/test_utils.py | 13 +++++++++++++ src/olympia/amo/utils.py | 14 ++++++++++---- src/olympia/lib/settings_base.py | 4 ++++ 5 files changed, 30 insertions(+), 4 deletions(-) diff --git a/settings.py b/settings.py index 176fa54dcd..fdc1c9d7e1 100644 --- a/settings.py +++ b/settings.py @@ -67,6 +67,7 @@ ES_DEFAULT_NUM_REPLICAS = 0 SITE_URL = os.environ.get('OLYMPIA_SITE_URL') or 'http://localhost:8000' DOMAIN = SERVICES_DOMAIN = urlparse(SITE_URL).netloc +ADDONS_FRONTEND_PROXY_PORT = '7000' SERVICES_URL = SITE_URL INTERNAL_SITE_URL = 'http://nginx' EXTERNAL_SITE_URL = SITE_URL diff --git a/settings_test.py b/settings_test.py index abb7c8ddaf..1ac619729f 100644 --- a/settings_test.py +++ b/settings_test.py @@ -96,3 +96,5 @@ CELERY_TASK_ROUTES.update({ # switch cached_db out for just cache sessions to avoid extra db queries SESSION_ENGINE = 'django.contrib.sessions.backends.cache' + +ADDONS_FRONTEND_PROXY_PORT = None diff --git a/src/olympia/amo/tests/test_utils.py b/src/olympia/amo/tests/test_utils.py index fe9b44614c..8c39f1467d 100644 --- a/src/olympia/amo/tests/test_utils.py +++ b/src/olympia/amo/tests/test_utils.py @@ -6,6 +6,7 @@ from urllib.parse import urlparse from django.conf import settings from django.test import RequestFactory +from django.test.utils import override_settings from django.utils.functional import cached_property from django.utils.http import quote_etag @@ -372,3 +373,15 @@ class TestIsSafeUrl(TestCase): assert not is_safe_url( f'https://{settings.DOMAIN}', request, allowed_hosts=[foobaa_domain] ) + + @override_settings(DOMAIN='mozilla.com', ADDONS_FRONTEND_PROXY_PORT='1234') + def test_includes_host_for_proxy_when_proxy_port_setting_exists(self): + request = RequestFactory().get('/') + assert is_safe_url('https://mozilla.com:1234', request) + assert not is_safe_url('https://mozilla.com:9876', request) + + @override_settings(DOMAIN='mozilla.com') + def test_proxy_port_defaults_to_none(self): + request = RequestFactory().get('/') + assert is_safe_url('https://mozilla.com', request) + assert not is_safe_url('https://mozilla.com:7000', request) diff --git a/src/olympia/amo/utils.py b/src/olympia/amo/utils.py index 4794c946c0..e483f22b40 100644 --- a/src/olympia/amo/utils.py +++ b/src/olympia/amo/utils.py @@ -1179,10 +1179,16 @@ class HttpResponseTemporaryRedirect(HttpResponseRedirectBase): def is_safe_url(url, request, allowed_hosts=None): """Use Django's `url_has_allowed_host_and_scheme()` and pass a configured list of allowed hosts and enforce HTTPS. `allowed_hosts` can be specified.""" - allowed_hosts = allowed_hosts or ( - settings.DOMAIN, - urlparse(settings.CODE_MANAGER_URL).netloc, - ) + if not allowed_hosts: + allowed_hosts = ( + settings.DOMAIN, + urlparse(settings.CODE_MANAGER_URL).netloc, + ) + if settings.ADDONS_FRONTEND_PROXY_PORT: + allowed_hosts = allowed_hosts + ( + f'{settings.DOMAIN}:{settings.ADDONS_FRONTEND_PROXY_PORT}', + ) + require_https = request.is_secure() if request else False return url_has_allowed_host_and_scheme( url, allowed_hosts=allowed_hosts, require_https=require_https diff --git a/src/olympia/lib/settings_base.py b/src/olympia/lib/settings_base.py index 81af3fc401..52706ca6e5 100644 --- a/src/olympia/lib/settings_base.py +++ b/src/olympia/lib/settings_base.py @@ -200,6 +200,10 @@ HOSTNAME = socket.gethostname() # need the real domain. DOMAIN = HOSTNAME +# The port used by the frontend when running frontend locally with +# addons-server in docker. This will default it to None for dev/prod/stage. +ADDONS_FRONTEND_PROXY_PORT = None + # Full base URL for your main site including protocol. No trailing slash. # Example: https://addons.mozilla.org SITE_URL = 'http://%s' % DOMAIN