Fixed #13218 -- Ensure that syndicated content served over HTTPS uses https:// links by default. Thanks to schaefer for the report, and Ben Firshman for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14007 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
060701a26a
commit
ed32170a04
|
@ -8,13 +8,17 @@ from django.utils import feedgenerator, tzinfo
|
||||||
from django.utils.encoding import force_unicode, iri_to_uri, smart_unicode
|
from django.utils.encoding import force_unicode, iri_to_uri, smart_unicode
|
||||||
from django.utils.html import escape
|
from django.utils.html import escape
|
||||||
|
|
||||||
def add_domain(domain, url):
|
def add_domain(domain, url, secure=False):
|
||||||
if not (url.startswith('http://')
|
if not (url.startswith('http://')
|
||||||
or url.startswith('https://')
|
or url.startswith('https://')
|
||||||
or url.startswith('mailto:')):
|
or url.startswith('mailto:')):
|
||||||
# 'url' must already be ASCII and URL-quoted, so no need for encoding
|
# 'url' must already be ASCII and URL-quoted, so no need for encoding
|
||||||
# conversions here.
|
# conversions here.
|
||||||
url = iri_to_uri(u'http://%s%s' % (domain, url))
|
if secure:
|
||||||
|
protocol = 'https'
|
||||||
|
else:
|
||||||
|
protocol = 'http'
|
||||||
|
url = iri_to_uri(u'%s://%s%s' % (protocol, domain, url))
|
||||||
return url
|
return url
|
||||||
|
|
||||||
class FeedDoesNotExist(ObjectDoesNotExist):
|
class FeedDoesNotExist(ObjectDoesNotExist):
|
||||||
|
@ -94,7 +98,7 @@ class Feed(object):
|
||||||
current_site = get_current_site(request)
|
current_site = get_current_site(request)
|
||||||
|
|
||||||
link = self.__get_dynamic_attr('link', obj)
|
link = self.__get_dynamic_attr('link', obj)
|
||||||
link = add_domain(current_site.domain, link)
|
link = add_domain(current_site.domain, link, request.is_secure())
|
||||||
|
|
||||||
feed = self.feed_type(
|
feed = self.feed_type(
|
||||||
title = self.__get_dynamic_attr('title', obj),
|
title = self.__get_dynamic_attr('title', obj),
|
||||||
|
@ -102,8 +106,11 @@ class Feed(object):
|
||||||
link = link,
|
link = link,
|
||||||
description = self.__get_dynamic_attr('description', obj),
|
description = self.__get_dynamic_attr('description', obj),
|
||||||
language = settings.LANGUAGE_CODE.decode(),
|
language = settings.LANGUAGE_CODE.decode(),
|
||||||
feed_url = add_domain(current_site.domain,
|
feed_url = add_domain(
|
||||||
self.__get_dynamic_attr('feed_url', obj) or request.path),
|
current_site.domain,
|
||||||
|
self.__get_dynamic_attr('feed_url', obj) or request.path,
|
||||||
|
request.is_secure(),
|
||||||
|
),
|
||||||
author_name = self.__get_dynamic_attr('author_name', obj),
|
author_name = self.__get_dynamic_attr('author_name', obj),
|
||||||
author_link = self.__get_dynamic_attr('author_link', obj),
|
author_link = self.__get_dynamic_attr('author_link', obj),
|
||||||
author_email = self.__get_dynamic_attr('author_email', obj),
|
author_email = self.__get_dynamic_attr('author_email', obj),
|
||||||
|
@ -137,7 +144,11 @@ class Feed(object):
|
||||||
description = description_tmp.render(RequestContext(request, {'obj': item, 'site': current_site}))
|
description = description_tmp.render(RequestContext(request, {'obj': item, 'site': current_site}))
|
||||||
else:
|
else:
|
||||||
description = self.__get_dynamic_attr('item_description', item)
|
description = self.__get_dynamic_attr('item_description', item)
|
||||||
link = add_domain(current_site.domain, self.__get_dynamic_attr('item_link', item))
|
link = add_domain(
|
||||||
|
current_site.domain,
|
||||||
|
self.__get_dynamic_attr('item_link', item),
|
||||||
|
request.is_secure(),
|
||||||
|
)
|
||||||
enc = None
|
enc = None
|
||||||
enc_url = self.__get_dynamic_attr('item_enclosure_url', item)
|
enc_url = self.__get_dynamic_attr('item_enclosure_url', item)
|
||||||
if enc_url:
|
if enc_url:
|
||||||
|
|
|
@ -236,6 +236,25 @@ class SyndicationFeedTest(FeedTestCase):
|
||||||
if link.getAttribute('rel') == 'self':
|
if link.getAttribute('rel') == 'self':
|
||||||
self.assertEqual(link.getAttribute('href'), 'http://example.com/customfeedurl/')
|
self.assertEqual(link.getAttribute('href'), 'http://example.com/customfeedurl/')
|
||||||
|
|
||||||
|
def test_secure_urls(self):
|
||||||
|
"""
|
||||||
|
Test URLs are prefixed with https:// when feed is requested over HTTPS.
|
||||||
|
"""
|
||||||
|
response = self.client.get('/syndication/rss2/', **{
|
||||||
|
'wsgi.url_scheme': 'https',
|
||||||
|
})
|
||||||
|
doc = minidom.parseString(response.content)
|
||||||
|
chan = doc.getElementsByTagName('channel')[0]
|
||||||
|
self.assertEqual(
|
||||||
|
chan.getElementsByTagName('link')[0].firstChild.wholeText[0:5],
|
||||||
|
'https'
|
||||||
|
)
|
||||||
|
atom_link = chan.getElementsByTagName('atom:link')[0]
|
||||||
|
self.assertEqual(atom_link.getAttribute('href')[0:5], 'https')
|
||||||
|
for link in doc.getElementsByTagName('link'):
|
||||||
|
if link.getAttribute('rel') == 'self':
|
||||||
|
self.assertEqual(link.getAttribute('href')[0:5], 'https')
|
||||||
|
|
||||||
def test_item_link_error(self):
|
def test_item_link_error(self):
|
||||||
"""
|
"""
|
||||||
Test that a ImproperlyConfigured is raised if no link could be found
|
Test that a ImproperlyConfigured is raised if no link could be found
|
||||||
|
@ -270,6 +289,10 @@ class SyndicationFeedTest(FeedTestCase):
|
||||||
views.add_domain('example.com', '/foo/?arg=value'),
|
views.add_domain('example.com', '/foo/?arg=value'),
|
||||||
'http://example.com/foo/?arg=value'
|
'http://example.com/foo/?arg=value'
|
||||||
)
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
views.add_domain('example.com', '/foo/?arg=value', True),
|
||||||
|
'https://example.com/foo/?arg=value'
|
||||||
|
)
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
views.add_domain('example.com', 'http://djangoproject.com/doc/'),
|
views.add_domain('example.com', 'http://djangoproject.com/doc/'),
|
||||||
'http://djangoproject.com/doc/'
|
'http://djangoproject.com/doc/'
|
||||||
|
|
Loading…
Reference in New Issue