带有子域配置的损坏的 django-debug-toolbar 面板
Broken django-debug-toolbar panels with sub domains configuration
我正在研究 djangoproject.com website with Django Debug Toolbar configured in this dev settings。
我在 djanoproject.com 的 django-debug-toolbar that I reported in the issue #796 中发现了一个问题,但经过一些测试后,我认为这只是一个配置问题,我们需要帮助来解决它。
以下所有句子都与本地使用的分支 master 上的代码有关。
Django 调试工具栏适用于 www ,例如,如果我打开 http://www.djangoproject.dev:8000/ 我可以显示工具栏并打开 SQL 面板。
例如,如果我尝试打开 http://docs.djangoproject.dev:8000/en/1.11/,我可以看到工具栏,但如果我尝试打开 SQL 面板,我会看到 0: error
这是我在浏览器控制台上看到的消息:
Failed to load
http://www.djangoproject.dev:8000/debug/render_panel/?store_id=212b2bb5adc54a3a81b97b6da5547d4c&panel_id=SQLPanel:
No 'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://docs.djangoproject.dev:8000' is therefore not
allowed access.
直接打开url:
可以看到所有数据
我认为问题在于工具栏试图为面板打开 www. 而不是 docs. url 但我不知道如何更新设置来解决这个问题。
您能否向我们建议修复此错误并使用 django-debug-toolbar panels with in different third-level domains as for docs.djangoproject.com 的代码?
在我的 PR 与此解决方案的答案合并到 djangoproject.com 代码后,我想编写解决方案以便一些用户可以找到类似问题的解决方案。
这是@jezdez issue 的回答,解释了问题:
In short: this is a CORS error since it tries to request a resource with Javascript on a different subdomain that isn't allowed to be requested.
The reason why the URL that is rendered by debug_toolbar uses the www subdomain automatically is because the djangoproject project has the django-hosts hosts_override feature installed, which automatically overrides the Django-built-in url template tag witht he one that is capable of resolving Django URLs as a fully qualified URLs and not only as URL paths.
The host_url template tag which is by now also called when the url template tag is used, will fall back to using the host as defined by the DEFAULT_HOST setting, which in our case is www.
Since we can't easily override the call to the url tag in the debug toolbar template to pass in a different host (e.g. docs) there is basically only one other option: set the appropriate CORS header Access-Control-Allow-Origin to allow a page loaded under the docs subdomain to access a resource under the www subdomain. I would strongly suggest to do that and not mess with the URL generation. That said, this is something that should only be applied to the development environment, to reduce the chance for abuse in production.
Actually setting the CORS header is as simple as writing a very small middleware that does it manually. No need to use a full-blown app like django-cors-headers.
我用 local-only 中间件解决了这个问题,它设置了 CORS 'Access-Control-Allow-Origin' header 以允许调试。
class CORSMiddleware(object):
"""
Set the CORS 'Access-Control-Allow-Origin' header to allow the debug
toolbar to work on the docs domain.
"""
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
response = self.get_response(request)
response['Access-Control-Allow-Origin'] = '*'
return response
这是合并后的 commit,它确实有效。
我正在研究 djangoproject.com website with Django Debug Toolbar configured in this dev settings。
我在 djanoproject.com 的 django-debug-toolbar that I reported in the issue #796 中发现了一个问题,但经过一些测试后,我认为这只是一个配置问题,我们需要帮助来解决它。
以下所有句子都与本地使用的分支 master 上的代码有关。
Django 调试工具栏适用于 www ,例如,如果我打开 http://www.djangoproject.dev:8000/ 我可以显示工具栏并打开 SQL 面板。
例如,如果我尝试打开 http://docs.djangoproject.dev:8000/en/1.11/,我可以看到工具栏,但如果我尝试打开 SQL 面板,我会看到 0: error
这是我在浏览器控制台上看到的消息:
Failed to load http://www.djangoproject.dev:8000/debug/render_panel/?store_id=212b2bb5adc54a3a81b97b6da5547d4c&panel_id=SQLPanel: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://docs.djangoproject.dev:8000' is therefore not allowed access.
直接打开url:
可以看到所有数据我认为问题在于工具栏试图为面板打开 www. 而不是 docs. url 但我不知道如何更新设置来解决这个问题。
您能否向我们建议修复此错误并使用 django-debug-toolbar panels with in different third-level domains as for docs.djangoproject.com 的代码?
在我的 PR 与此解决方案的答案合并到 djangoproject.com 代码后,我想编写解决方案以便一些用户可以找到类似问题的解决方案。
这是@jezdez issue 的回答,解释了问题:
In short: this is a CORS error since it tries to request a resource with Javascript on a different subdomain that isn't allowed to be requested.
The reason why the URL that is rendered by debug_toolbar uses the www subdomain automatically is because the djangoproject project has the django-hosts hosts_override feature installed, which automatically overrides the Django-built-in url template tag witht he one that is capable of resolving Django URLs as a fully qualified URLs and not only as URL paths.
The host_url template tag which is by now also called when the url template tag is used, will fall back to using the host as defined by the DEFAULT_HOST setting, which in our case is www. Since we can't easily override the call to the url tag in the debug toolbar template to pass in a different host (e.g. docs) there is basically only one other option: set the appropriate CORS header Access-Control-Allow-Origin to allow a page loaded under the docs subdomain to access a resource under the www subdomain. I would strongly suggest to do that and not mess with the URL generation. That said, this is something that should only be applied to the development environment, to reduce the chance for abuse in production.
Actually setting the CORS header is as simple as writing a very small middleware that does it manually. No need to use a full-blown app like django-cors-headers.
我用 local-only 中间件解决了这个问题,它设置了 CORS 'Access-Control-Allow-Origin' header 以允许调试。
class CORSMiddleware(object):
"""
Set the CORS 'Access-Control-Allow-Origin' header to allow the debug
toolbar to work on the docs domain.
"""
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
response = self.get_response(request)
response['Access-Control-Allow-Origin'] = '*'
return response
这是合并后的 commit,它确实有效。