Remove site_scheme workaround; rely on request.scheme (closes #1329)#1343
Merged
Conversation
With SECURE_PROXY_SSL_HEADER enabled (#1336) and verified end-to-end via the sitemap on -test (#1338), request.scheme is now correct everywhere behind UW CSE's TLS proxy. Remove the in-app site_scheme workaround that pinned https off DJANGO_ENV (#1236) and rely on the framework: - Delete the site_scheme context processor (+ its TEMPLATES registration) and the site_scheme helper in website/utils/metadata.py. - absolute_url() (view-built JSON-LD URLs) now uses request.scheme. - Templates (base/member/news_item/project) build canonical/OG/Twitter URLs from {{ request.scheme }} instead of {{ site_scheme }}. Tests: rework the scheme assertions to exercise the real mechanism — an X-Forwarded-Proto: https request under SECURE_PROXY_SSL_HEADER emits https; a secure request emits https; a plain http request reflects the request scheme. Full suite green (344 tests). Closes #1329. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Final piece of #1329. Builds on #1336 (enabled
SECURE_PROXY_SSL_HEADERon TEST/PROD) and #1338 (which verified end-to-end on-testthat/sitemap.xmlemitshttpsfrom rawrequest.scheme). Closes #1329.What
Now that Django sees the real
httpsscheme behind UW CSE's TLS proxy, the in-appsite_schemeworkaround from #1236 is redundant. This removes it and relies on the framework:site_schemecontext processor (and itsTEMPLATESregistration insettings.py) and thesite_schemehelper inwebsite/utils/metadata.py.absolute_url()— used by views for JSON-LDurl/image/logo— now builds fromrequest.scheme.base.html,member.html,news_item.html,project.html) build canonical / OG / Twitter image URLs from{{ request.scheme }}instead of{{ site_scheme }}.Net
-77/+63lines; one fewer context processor running on every request.Tests
Reworked the scheme assertions in
test_page_metadata.pyto exercise the real mechanism rather than the deleted DJANGO_ENV branch:test_forwarded_proto_header_drives_https— anX-Forwarded-Proto: httpsrequest under@override_settings(SECURE_PROXY_SSL_HEADER=...)emitshttpsabsolute URLs (the deployed path; also sends a cleanHostheader as Apache does).test_secure_request_uses_https— asecure=Truerequest emitshttps.test_local_dev_uses_request_scheme— a plain http request reflects the request scheme (http).PageMetadataHttpsTestsnow issuessecure=Truerequests instead of forcingDJANGO_ENV='PROD'.Full suite green in-container: 344 tests, OK (skipped=1) (
--settings=makeabilitylab.settings_test).Verification after merge →
-testBehavior should be unchanged (URLs were already
httpsvia the workaround). Confirm canonical /og:url/og:imagestill renderhttps://on a few page types (home, a project, a member, a news item). The win is that this is now driven by the framework, not a hardcoded override.Note on prod
Prod still rides on
SECURE_PROXY_SSL_HEADER(already verified on-test); it only takes effect in prod when you cut the next SemVer tag.🤖 Generated with Claude Code