Uploaded image for project: 'Data Management'
  1. Data Management
  2. DM-9903

Replace referer in the HTTP Request header by a cookie

    Details

    • Type: Story
    • Status: Done
    • Resolution: Done
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      The current mechanism to pass URL parameters from the Django application to the individual bokeh apps is based on the Referer header parameter. This is not working properly because this parameter is optional, see for instance https://tools.ietf.org/html/rfc7231#section-5.5.2. Depending on the browser configuration it may not include it.

      We should make the Django application add a custom parameter in the HTTP Response to fix this problem.

      https://docs.djangoproject.com/en/1.8/ref/request-response/

        Attachments

          Issue Links

            Activity

            Hide
            afausti Angelo Fausti added a comment - - edited

            The proposed solution adds the django full URL, obtained from HttpRequest.get_full_path(), into the HTTP Response as a cookie.

            The sequence is the following:

            1) a request comes through Django with the query string to set the bokeh app state
            2) django adds the full path of the request in the HTTP Response as a cookie
            3) the browser is redirected to the corresponding bokeh app (and the cookie is copied to the new request)
            4) the bokeh app recovers the query string from the HTTP Request cookie and use the parameters to set its state

            Note that if cookies are disable in the browser the bokeh app will be loaded using its default values.

            Show
            afausti Angelo Fausti added a comment - - edited The proposed solution adds the django full URL, obtained from HttpRequest.get_full_path(), into the HTTP Response as a cookie. The sequence is the following: 1) a request comes through Django with the query string to set the bokeh app state 2) django adds the full path of the request in the HTTP Response as a cookie 3) the browser is redirected to the corresponding bokeh app (and the cookie is copied to the new request) 4) the bokeh app recovers the query string from the HTTP Request cookie and use the parameters to set its state Note that if cookies are disable in the browser the bokeh app will be loaded using its default values.
            Show
            afausti Angelo Fausti added a comment - See https://github.com/lsst-sqre/qa-dashboard/pull/38
            Hide
            afausti Angelo Fausti added a comment -

            As suggested during review set the django SESSION_COOKIE_DOMAIN configuration so that the cookies set by squash are visible to the bokeh app within the ".lsst.codes" domain.

            See https://docs.djangoproject.com/en/1.8/ref/settings/#session-cookie-domain

            Here is the PR https://github.com/lsst-sqre/sandbox-jenkins-demo/pull/91

            Show
            afausti Angelo Fausti added a comment - As suggested during review set the django SESSION_COOKIE_DOMAIN configuration so that the cookies set by squash are visible to the bokeh app within the ".lsst.codes" domain. See https://docs.djangoproject.com/en/1.8/ref/settings/#session-cookie-domain Here is the PR https://github.com/lsst-sqre/sandbox-jenkins-demo/pull/91
            Hide
            afausti Angelo Fausti added a comment - - edited

            As pointed during the review if no route is matched an HTTP 404 should be returned and a "Page not found" message should be rendered.

            Show
            afausti Angelo Fausti added a comment - - edited As pointed during the review if no route is matched an HTTP 404 should be returned and a "Page not found" message should be rendered.
            Hide
            jhoblitt Joshua Hoblitt added a comment -

            All concerns were addressed on the qa-dashboard PR.

            Show
            jhoblitt Joshua Hoblitt added a comment - All concerns were addressed on the qa-dashboard PR.

              People

              • Assignee:
                afausti Angelo Fausti
                Reporter:
                afausti Angelo Fausti
                Reviewers:
                Joshua Hoblitt
                Watchers:
                Angelo Fausti, Joshua Hoblitt
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Summary Panel