almet/umap
1
0
Fork 0
mirror of https://github.com/umap-project/umap.git synced 2025-04-29 03:42:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

chore: more logs in the ajax proxy validate url (#2362)

Browse source 
This should only be used in localhost, but there are a bunch of check
and it's often that we need to add print to understand why the URL does
not validate, which is usually an issue with the SITE_URL or this kind.
So let's make those print permanent.
This commit is contained in:
Yohan Boniface 2024-12-13 09:12:12 +01:00 committed by GitHub
commit 30b685ae43
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 14 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
umap/views.py
View file

@ -452,27 +452,27 @@ showcase = MapsShowCase.as_view()
def validate_url(request):
assert request.method == "GET"
assert request.method == "GET", "Wrong HTTP method"
url = request.GET.get("url")
assert url
assert url, "Missing URL"
try:
URLValidator(url)
except ValidationError:
raise AssertionError()
assert "HTTP_REFERER" in request.META
except ValidationError as err:
raise AssertionError(err)
assert "HTTP_REFERER" in request.META, "Missing HTTP_REFERER"
referer = urlparse(request.META.get("HTTP_REFERER"))
toproxy = urlparse(url)
local = urlparse(settings.SITE_URL)
assert toproxy.hostname
assert referer.hostname == local.hostname
assert toproxy.hostname != "localhost"
assert toproxy.netloc != local.netloc
assert toproxy.hostname, "No hostname"
assert referer.hostname == local.hostname, f"{referer.hostname} != {local.hostname}"
assert toproxy.hostname != "localhost", "Invalid localhost target"
assert toproxy.netloc != local.netloc, "Invalid netloc"
try:
# clean this when in python 3.4
ipaddress = socket.gethostbyname(toproxy.hostname)
except:
raise AssertionError()
assert not PRIVATE_IP.match(ipaddress)
except Exception as err:
raise AssertionError(err)
assert not PRIVATE_IP.match(ipaddress), "Private IP"
return url
@ -480,7 +480,8 @@ class AjaxProxy(View):
def get(self, *args, **kwargs):
try:
url = validate_url(self.request)
except AssertionError:
except AssertionError as err:
print(f"AjaxProxy: {err}")
return HttpResponseBadRequest()
try:
ttl = int(self.request.GET.get("ttl"))