Allow for frameless cnamed domains from trusted domains.

KeyserSosa
2008-10-09 13:41:34 -07:00
parent 7d93d076d7
commit aba126b1b2
6 changed files with 33 additions and 16 deletions


@@ -175,6 +175,15 @@ class DomainMiddleware(object):
def __init__(self, app):
self.app = app
auth_cnames = config['global_conf'].get('authorized_cnames', '')
auth_cnames = [x.strip() for x in auth_cnames.split(',')]
# we are going to be matching with endswith, so make sure there
# are no empty strings that have snuck in
self.auth_cnames = [x for x in auth_cnames if x]
def is_auth_cname(self, domain):
return any((domain == cname or domain.endswith('.' + cname))
for cname in self.auth_cnames)
def __call__(self, environ, start_response):
# get base domain as defined in INI file
@@ -198,6 +207,9 @@ class DomainMiddleware(object):
if not environ.get('extension'):
if environ['PATH_INFO'].startswith('/frame'):
return self.app(environ, start_response)
elif self.is_auth_cname(sub_domains):
environ['frameless_cname'] = True
environ['authorized_cname'] = True
elif ("redditSession" in environ.get('HTTP_COOKIE', '')
and environ['REQUEST_METHOD'] != 'POST'
and not environ['PATH_INFO'].startswith('/error')):
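Review bot: `is_auth_cname` has no docstring, and the trust rule it implements is easy to misread: an entry `example.com` in `authorized_cnames` authorizes that host and every host beneath it, and the `'.' + cname` prefix is what keeps a look-alike such as `notexample.com` from matching. I would state that in a docstring, e.g. `"""True if domain equals an authorized cname or is a subdomain of one; the leading dot keeps unrelated suffix matches out."""`. The comparison is case-sensitive and the configured names are only stripped, so unless `sub_domains` is normalized outside this hunk a mixed-case entry or host never matches; that fails closed, but `x.strip().lower()` in `__init__` plus a lower-cased argument would make the configuration less fragile. Where `sub_domains` comes from is not visible here; if it is taken from the request's Host header, the comment should say so, since the result sets `authorized_cname` for the rest of the request.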


@@ -60,6 +60,8 @@ class Cookie(object):
self.dirty = dirty
if domain:
self.domain = domain
elif c.authorized_cname:
self.domain = c.site.domain
else:
self.domain = g.domain
@@ -133,10 +135,8 @@ def read_user_cookie(name):
def set_user_cookie(name, val):
uname = c.user.name if c.user_is_loggedin else ""
domain = g.domain if not c.frameless_cname else None
c.cookies[uname + '_' + name] = Cookie(value = val,
domain = domain)
c.cookies[uname + '_' + name] = Cookie(value = val)
valid_click_cookie = re.compile(r'(t[0-9]_[a-zA-Z0-9]+:)+').match
def read_click_cookie():
if c.user_is_loggedin:
@@ -182,8 +182,7 @@ def set_redditfirst(key,val):
cookie = {key: val}
c.cookies['reddit_first'] = Cookie(simplejson.dumps(cookie),
expires = NEVER,
domain = g.domain)
expires = NEVER)
# this cookie is also accessed by organic.js, so changes to the format
# will have to be made there as well
@@ -336,7 +335,9 @@ def set_cnameframe():
del request.params[utils.UrlParser.cname_get]
if request.get.has_key(utils.UrlParser.cname_get):
del request.get[utils.UrlParser.cname_get]
c.frameless_cname = request.environ.get('frameless_cname', False)
c.frameless_cname = request.environ.get('frameless_cname', False)
if hasattr(c.site, 'domain'):
c.authorized_cname = request.environ.get('authorized_cname', False)
def ratelimit_agents():
user_agent = request.user_agent
@@ -424,6 +425,10 @@ class RedditController(BaseController):
#check if user-agent needs a dose of rate-limiting
ratelimit_agents()
# the domain has to be set before Cookies get initialized
set_subreddit()
set_cnameframe()
# populate c.cookies
c.cookies = Cookies()
for k,v in request.cookies.iteritems():
@@ -458,11 +463,9 @@ class RedditController(BaseController):
#set_browser_langs()
set_host_lang()
set_subreddit()
set_content_type()
set_iface_lang()
set_content_lang()
set_cnameframe()
# set some environmental variables in case we hit an abort
if not isinstance(c.site, FakeSubreddit):
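Review bot: In `set_cnameframe`, `c.authorized_cname` is assigned only when `c.site` has a `domain` attribute, yet `Cookie.__init__` reads it for every cookie, so on the other path the result depends on how the context object treats an attribute that was never set. Assigning it unconditionally makes the default explicit: `c.authorized_cname = hasattr(c.site, 'domain') and request.environ.get('authorized_cname', False)`. The new `elif c.authorized_cname:` branch in `Cookie.__init__` also scopes cookies to `c.site.domain` without checking that the value is non-empty; whether it can be empty is not visible here, but `elif c.authorized_cname and c.site.domain:` would keep the fallback to `g.domain` in that case. Both functions continue outside their hunks.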


@@ -92,7 +92,8 @@ class Reddit(Wrapped):
#c.subredditbox is set by VSRMask
self.subreddit_sidebox = False
if c.subreddit_sidebox:
#don't show the sidebox on cnames
if c.subreddit_sidebox and not c.cname:
self.subreddit_sidebox = True
self.subreddit_checkboxes = c.site == Default
@@ -101,7 +102,6 @@ class Reddit(Wrapped):
else:
self._content = content
self.toolbars = self.build_toolbars()
def rightbox(self):
@@ -112,7 +112,8 @@ class Reddit(Wrapped):
if not c.user_is_loggedin and self.loginbox:
ps.append(LoginFormWide())
if not isinstance(c.site, FakeSubreddit):
#don't show the subreddit info bar on cnames
if not isinstance(c.site, FakeSubreddit) and not c.cname:
ps.append(SubredditInfoBar())
if self.subreddit_sidebox:
@@ -179,7 +180,8 @@ class Reddit(Wrapped):
NamedButton("blog", False, nocname=True)]
if c.user_is_loggedin:
buttons += [NamedButton("logout", False, nocname=True,
buttons += [NamedButton("logout", False,
nocname=not c.authorized_cname,
target = "_self")]
return NavMenu(buttons, base_path = "/", type = "flatlist")


@@ -49,7 +49,7 @@
var cnameframe = ${'true' if c.cname else 'false'};
var modhash = ${"'%s'" % c.modhash or "false"};
var cur_domain = "${get_domain(cname = True, subreddit = False) if c.frameless_cname else g.domain}";
var ajax_domain = "${g.domain}";
var ajax_domain = "${get_domain(cname = True, subreddit = False) if c.authorized_cname else g.domain}";
</script>
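Review bot: The new `ajax_domain` line writes the result of `get_domain(cname = True, subreddit = False)` into a JavaScript string literal, and on an authorized cname this is the host the page's scripts will address their requests to. Whether the template's default filter makes that value safe inside a quoted JS string is not visible in this hunk, so a short comment above the line would help, e.g. `## ajax_domain: site cname on authorized cnames only; value must be JS-string safe`. Separately, in the unchanged `modhash` line just above, `%` binds tighter than `or`, so `"'%s'" % c.modhash or "false"` never yields `false`; `${("'%s'" % c.modhash) if c.modhash else "false"}` expresses the apparent intent.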


@@ -46,7 +46,7 @@
%if g.tracker_url:
<img alt="" src="${tracking.UserInfo.gen_url()}"/>
%endif
%if c.frameless_cname:
%if c.frameless_cname and not c.authorized_cname:
<%
u = UrlParser("http://%s/%s" % (get_domain(cname = True, subreddit = False), request.path))
u.update_query(**request.get)


@@ -77,7 +77,7 @@
</th>
<td>
<textarea id="message_${thing.link_name}" name="message" rows="4" cols="40">
${c.user.name} from http://${g.domain}/ has shared a link with you.
${c.user.name} from http://${c.site.domain if c.cname and hasattr(c.site, 'domain') else g.domain}/ has shared a link with you.
</textarea>
</td>
<td>
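Review bot: The domain choice is spelled out inline as `c.site.domain if c.cname and hasattr(c.site, 'domain') else g.domain`, while the other templates in this commit obtain the cname host through `get_domain(cname = True, subreddit = False)`. If that helper is available in this template and returns the same host, calling it here would keep the rule for which domain is shown in one place. This line also keys on `c.cname` rather than `c.authorized_cname`, so the shared message names the site's own domain on any cname; a one-line template comment saying that this is intended would save the next reader from checking.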