From 8db974b96adce6f69f0226ecd58f86851952c612 Mon Sep 17 00:00:00 2001 From: Yohan Boniface Date: Thu, 12 Dec 2024 21:06:09 +0100 Subject: [PATCH] chore: more logs in the ajax proxy validate url This should only be used in localhost, but there are a bunch of check and it's often that we need to add print to understand why the URL does not validate, which is usually an issue with the SITE_URL or this kind. So let's make those print permanent. --- umap/views.py | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/umap/views.py b/umap/views.py index 12c2d18f..895fe3b1 100644 --- a/umap/views.py +++ b/umap/views.py @@ -452,27 +452,27 @@ showcase = MapsShowCase.as_view() def validate_url(request): - assert request.method == "GET" + assert request.method == "GET", "Wrong HTTP method" url = request.GET.get("url") - assert url + assert url, "Missing URL" try: URLValidator(url) - except ValidationError: - raise AssertionError() - assert "HTTP_REFERER" in request.META + except ValidationError as err: + raise AssertionError(err) + assert "HTTP_REFERER" in request.META, "Missing HTTP_REFERER" referer = urlparse(request.META.get("HTTP_REFERER")) toproxy = urlparse(url) local = urlparse(settings.SITE_URL) - assert toproxy.hostname - assert referer.hostname == local.hostname - assert toproxy.hostname != "localhost" - assert toproxy.netloc != local.netloc + assert toproxy.hostname, "No hostname" + assert referer.hostname == local.hostname, f"{referer.hostname} != {local.hostname}" + assert toproxy.hostname != "localhost", "Invalid localhost target" + assert toproxy.netloc != local.netloc, "Invalid netloc" try: # clean this when in python 3.4 ipaddress = socket.gethostbyname(toproxy.hostname) - except: - raise AssertionError() - assert not PRIVATE_IP.match(ipaddress) + except Exception as err: + raise AssertionError(err) + assert not PRIVATE_IP.match(ipaddress), "Private IP" return url @@ -480,7 +480,8 @@ class AjaxProxy(View): def get(self, *args, **kwargs): try: url = validate_url(self.request) - except AssertionError: + except AssertionError as err: + print(f"AjaxProxy: {err}") return HttpResponseBadRequest() try: ttl = int(self.request.GET.get("ttl"))