Generated pages are blank when SECURE_SSL_REDIRECT is enabled #24
Labels
Comments
stevejalim
pushed a commit
to mdn/developer-portal
that referenced
this issue
Sep 23, 2019
…bakes out empty HTML This commit subclasses wagtail-bakery's `AllPublishedPagesView` in a way that detects application-level SSL redirection in order to avoid an issue where rendered pages end up being 0 bytes. See wagtail-nest/wagtail-bakery#24 for confirmation of the issue and the discussion on wagtail-nest/wagtail-bakery#25 that points to a custom view being the (current) workaround. Ideally we'll be able to replace this when that issue is resolved. The code in this commit is basically taken from that closed PR, which adds the `secure_request` variable. Hat-tip to @loicteixeira - thanks! No unit test added, but manually tested locally to confirm this does indeed fix the static build while `SECURE_SSL_REDIRECT` is `True`
stevejalim
pushed a commit
to mdn/developer-portal
that referenced
this issue
Sep 25, 2019
* 22: Enable recommended-by-Django security settings as defaults The base settings now follow all-but-one of the recommendations from manage.py `check --deploy`. The only one that's not been done in this changeset is SECURE_HSTS_SECONDS, because of the risk of "serious, irreversible problems". That needs to be planned in to enable it properly. Note that we're explicitly setting what HTTP header to look for to detect the SSL-forwarded header, which should stop the redirect loop in production. Development settings turn off SSL redirect, because the local build isn't set to use HTTPS. (It could be tweaked to use HTTPS, too - but that's out of scope for this piece) * 22: Address issue with wagtail-bakery where SECURE_SSL_REDIRECT=True bakes out empty HTML This commit subclasses wagtail-bakery's `AllPublishedPagesView` in a way that detects application-level SSL redirection in order to avoid an issue where rendered pages end up being 0 bytes. See wagtail-nest/wagtail-bakery#24 for confirmation of the issue and the discussion on wagtail-nest/wagtail-bakery#25 that points to a custom view being the (current) workaround. Ideally we'll be able to replace this when that issue is resolved. The code in this commit is basically taken from that closed PR, which adds the `secure_request` variable. Hat-tip to @loicteixeira - thanks! No unit test added, but manually tested locally to confirm this does indeed fix the static build while `SECURE_SSL_REDIRECT` is `True`
William-Blackie
pushed a commit
to William-Blackie/Wagtail-Backery-Squash-POC
that referenced
this issue
Aug 3, 2020
- Toward wagtail-nest#24. Pending image stretch fix, need to enhance
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It is sometimes required to set
SECURE_SSL_REDIRECTtoTruein the settings (e.g. you can't force the redirection before the request reaches Django). When you do so however, the generated pages will be completely blank.This is because the request is not set as
secure:https://github.com/moorinteractive/wagtail-bakery/blob/4c2979956a9601ffd25811314e90b31f713e60c6/src/wagtailbakery/views.py#L91-L92
Which returns a
HttpResponsePermanentRedirectwhich isn't handled (it reaches the 3rd if branch wherereponse.contentisb''):https://github.com/moorinteractive/wagtail-bakery/blob/4c2979956a9601ffd25811314e90b31f713e60c6/src/wagtailbakery/views.py#L31-L40
While there might be some discussions to have on how a
HttpResponsePermanentRedirectshould be handled, I reckon this is for another issue and that the right fix here is to set therequestassecure. I'll open a PR shortly.The text was updated successfully, but these errors were encountered: