Mirrors/linkding
1
0
Fork 0
mirror of https://github.com/sissbruecker/linkding.git synced 2026-02-28 06:53:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove absolute URIs from settings page (#1261)

Browse Source 
* Remove absolute URIs from admin page

The rest of the links on this page are absolute paths without a
specified hostname, but these in particlar use build_absolute_uri. I
am running linkding behind two different load balancers which makes
these links bubble up the "internal" hostname instead of the hostname
I actually got to the page from.

* Add LD_USE_X_FORWARDED_HOST

See: https://docs.djangoproject.com/en/6.0/ref/settings/#std-setting-USE_X_FORWARDED_HOST
This commit is contained in:
Aidan Coyle
2026-01-05 02:25:54 -06:00
committed by GitHub
parent 50180c9684
commit fdb5b4e82d
4 changed files with 27 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
bookmarks/settings/base.py
View File

@@ -217,6 +217,16 @@ if LD_ENABLE_AUTH_PROXY:
if LD_AUTH_PROXY_LOGOUT_URL: if LD_AUTH_PROXY_LOGOUT_URL:
LOGOUT_REDIRECT_URL = LD_AUTH_PROXY_LOGOUT_URL LOGOUT_REDIRECT_URL = LD_AUTH_PROXY_LOGOUT_URL
LD_USE_X_FORWARDED_HOST = os.getenv("LD_USE_X_FORWARDED_HOST", False) in (
True,
"True",
"true",
"1",
)
if LD_USE_X_FORWARDED_HOST:
USE_X_FORWARDED_HOST = LD_USE_X_FORWARDED_HOST
# CSRF trusted origins # CSRF trusted origins
trusted_origins = os.getenv("LD_CSRF_TRUSTED_ORIGINS", "") trusted_origins = os.getenv("LD_CSRF_TRUSTED_ORIGINS", "")
if trusted_origins: if trusted_origins:

8
bookmarks/tests/test_settings_integrations_view.py
View File

@@ -133,18 +133,18 @@ class SettingsIntegrationsViewTestCase(TestCase, BookmarkFactoryMixin, HtmlTestM
token = FeedToken.objects.first() token = FeedToken.objects.first()
self.assertInHTML( self.assertInHTML(
f'<a target="_blank" href="http://testserver/feeds/{token.key}/all">All bookmarks</a>', f'<a target="_blank" href="/feeds/{token.key}/all">All bookmarks</a>',
html, html,
) )
self.assertInHTML( self.assertInHTML(
f'<a target="_blank" href="http://testserver/feeds/{token.key}/unread">Unread bookmarks</a>', f'<a target="_blank" href="/feeds/{token.key}/unread">Unread bookmarks</a>',
html, html,
) )
self.assertInHTML( self.assertInHTML(
f'<a target="_blank" href="http://testserver/feeds/{token.key}/shared">Shared bookmarks</a>', f'<a target="_blank" href="/feeds/{token.key}/shared">Shared bookmarks</a>',
html, html,
) )
self.assertInHTML( self.assertInHTML(
'<a target="_blank" href="http://testserver/feeds/shared">Public shared bookmarks</a>', '<a target="_blank" href="/feeds/shared">Public shared bookmarks</a>',
html, html,
) )

17
bookmarks/views/settings.py
View File

@@ -176,18 +176,11 @@ def integrations(request):
) )
feed_token = FeedToken.objects.get_or_create(user=request.user)[0] feed_token = FeedToken.objects.get_or_create(user=request.user)[0]
all_feed_url = request.build_absolute_uri(
reverse("linkding:feeds.all", args=[feed_token.key]) all_feed_url = reverse("linkding:feeds.all", args=[feed_token.key])
) unread_feed_url = reverse("linkding:feeds.unread", args=[feed_token.key])
unread_feed_url = request.build_absolute_uri( shared_feed_url = reverse("linkding:feeds.shared", args=[feed_token.key])
reverse("linkding:feeds.unread", args=[feed_token.key]) public_shared_feed_url = reverse("linkding:feeds.public_shared")
)
shared_feed_url = request.build_absolute_uri(
reverse("linkding:feeds.shared", args=[feed_token.key])
)
public_shared_feed_url = request.build_absolute_uri(
reverse("linkding:feeds.public_shared")
)
return render( return render(
request, request,

8
docs/src/content/docs/options.md
View File

@@ -194,6 +194,14 @@ Multiple origins can be specified by separating them with a comma (`,`).
This setting is adopted from the Django framework used by linkding, more information on the setting is available in the [Django documentation](https://docs.djangoproject.com/en/4.0/ref/settings/#std-setting-CSRF_TRUSTED_ORIGINS). This setting is adopted from the Django framework used by linkding, more information on the setting is available in the [Django documentation](https://docs.djangoproject.com/en/4.0/ref/settings/#std-setting-CSRF_TRUSTED_ORIGINS).
### `LD_USE_X_FORWARDED_HOST`
Values: `true` or `false` | Default = `false`
If enabled the server will trust the `X-Forwarded-Host` header over the `Host` header to determine the hostname of the server. This should only be enabled if a proxy which sets this header is in use.
This setting is adopted from the Django framework used by linkding, more information on the setting is available in the [Django documentation](https://docs.djangoproject.com/en/6.0/ref/settings/#std-setting-USE_X_FORWARDED_HOST)
### `LD_LOG_X_FORWARDED_FOR` ### `LD_LOG_X_FORWARDED_FOR`
Values: `true` or `false` | Default = `false` Values: `true` or `false` | Default = `false`