Commit 0490828d authored by Romain Derie

[FIX] http_routing, website: prevent crash when using `fw` in url


Before this commit, the routing map generated and used would be the one from
the website the request is performed on, instead of the one from the `fw`
website ID which will be the one we redirect the user to.

This issue was introduced with the routing map by website, be8fc229, and is
restricted to a single case: a publisher using the website switcher, and it
won't happen on next page navigation/refresh as the `fw` website id will be
the same as the current website's ID. Thus there won't be any routing map
mismatch.

Steps to reproduce:
  - Create a page on website 2, set it as homepage
  - Navigate to website 1 on '/' url
  - Navigate to website 2 on '/' url
This will raise a werkzeug error about `EndPoint not iterable`.

----- Technical analysis ------

This is the current flow:
1. `_dispatch()` is setting `website_routing` to `get_current_website()` -> 2
2. `_dispatch()` is calling `_match()`
3. `_match()` is calling `routing_map()` with key = `website_routing`, which
   was set to 2 in step 1.
4. `routing_map()` is calling `_generate_routing_rules()` which generates the
   rules based on `website_routing`, which was set to 2 in step 1.
5. `_dispatch()` authenticates the user by calling `_authenticate()`
6. `_dispatch()` is calling `_add_dispatch_parameter()`, where URL param `fw`
   is forced in session, so `get_current_website()` now returns the correct
   `website_id` -> 1

The issue: in order to handle the `fw` URL parameter (step 6.), we need to
check the rights to ensure we can allow the website switch.
To check rights, the user needs to be authenticated (step 5.), which is done after
generating the routing map (2. & 3. & 4.).
The routing map is generated based on the current website (step 1.)

Step 6 depends on step 5, which depends on steps 2/3/4, which depend on step 1,
but step 1 should depend on step 6, which is an impossible cycle.

closes odoo/odoo#70278

X-original-commit: 878e28f9
Signed-off-by: Jérémy Kersten (jke) <jke@openerp.com>
Signed-off-by: Romain Derie <rdeodoo@users.noreply.github.com>
parent 3470a3c9