Comments (2)

duncanpeacock commented on August 22, 2024

Update:

Still looking into this, but it's slow because I can only reproduce it in my stack (downloads always work from Chrome on my laptop) so I have to rebuild it each time.

Some extra information:

  1. This issue only occurs with the latest (post July I think) versions of Chrome - which have some increased security settings - so it was an existing issue that has come to light.
  2. The links in the DRF target api query page work OK in Firefox.
  3. If you cut and paste the link from the DRF target api query to a browser window in Chrome it works.
  4. If you use the API uploader page (upload_tset), the target link that is created also works in Chrome.

The redirect issue in Django Rest Framework is known about and I've been trying some of the nginx config changes to try to get it working. Unfortunately the simple fix I tried (as described here: https://djangodeployment.com/2017/01/24/fix-djangos-https-redirects-nginx/) does not seem to work - although I'm trying a couple more settings.

This post: https://serverfault.com/questions/659029/how-to-solve-nginx-reverse-proxy-mixed-contenthttp-https/853237
also recommends:
"You have to go through the sites' code, and replace all occurrences of http://domain.com/resource with either /resource or //domain.com/resource.
This ensures that all the dependent web page resources are loaded with the same protocol as the website itself is loaded."

What seems a bit strange to me is that the loader code already seems to be trying to get a relative address, so I could fix this but the problem with this approach is that you wouldn't get clickable links in DRF.

Instead of a complete link like:
http://fragalysis-duncan-default.xchem-dev.diamond.ac.uk/media/targets/Mpro.zip
you'd get a relative (non-clickable) link like the one for the template file. E.g.
/media/targets/Mpro.zip

What may be worth a try is to change the
http://fragalysis-duncan-default.xchem-dev.diamond.ac.uk/media/targets/Mpro.zip
to
https://fragalysis-duncan-default.xchem-dev.diamond.ac.uk/media/targets/Mpro.zip
and see what happens.

from fragalysis-backend.

duncanpeacock commented on August 22, 2024

I have a fix under branch: issue-226-download.
This has been tested successfully with my stack: fragalysis-duncan-default.xchem-dev.diamond.ac.uk (you can accept the unsigned certificate).

The solution basically replaces the http with the https.
The nginx parameters all seem to be set up properly, and for this limited use there don't seem to be any security issues. It seems to be more of an issue about how Django constructs URLs from filefields in the DRF serializer.

Anyway, I'll get this reviewed on Tuesday and then create a pull request.

from fragalysis-backend.
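Added example, not part of the comments above and not the code on the issue-226-download branch: a standard-library Python sketch of the scheme mismatch discussed in this thread and of an http-to-https rewrite that touches only the URL scheme and only the site's own host. The function names and the `/api/targets/` page path are hypothetical, and it assumes the site is served over HTTPS and that the host is passed as a bare hostname without a port.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample values; the host and the file path are the ones quoted in the thread.
HOST = "fragalysis-duncan-default.xchem-dev.diamond.ac.uk"
PAGE = "https://" + HOST + "/api/targets/"  # hypothetical path for the DRF page
HTTP_LINK = "http://" + HOST + "/media/targets/Mpro.zip"


def is_mixed_content(page_url: str, link: str) -> bool:
    """True when an HTTPS page points at a resource that resolves to plain HTTP."""
    resolved = urljoin(page_url, link)  # relative links inherit the page's scheme
    return (urlsplit(page_url).scheme == "https"
            and urlsplit(resolved).scheme == "http")


def upgrade_own_link(link: str, request_host: str, request_is_secure: bool) -> str:
    """Rewrite http -> https in the scheme only, and only for our own host.

    A plain string replace of "http" would also hit paths or query strings
    that contain "http", and would rewrite links to hosts we do not control.
    """
    parts = urlsplit(link)
    if not request_is_secure or parts.scheme != "http":
        return link  # relative, already https, or the request was plain HTTP
    if (parts.hostname or "").lower() != request_host.lower():
        return link  # never rewrite links that point at another host
    return parts._replace(scheme="https").geturl()


if __name__ == "__main__":
    for candidate in (HTTP_LINK, "/media/targets/Mpro.zip"):
        fixed = upgrade_own_link(candidate, HOST, True)
        print(candidate, "->", fixed, "| mixed before:",
              is_mixed_content(PAGE, candidate), "| mixed after:",
              is_mixed_content(PAGE, fixed))
```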
