
Commit a5ff45d

Merge pull request #1651 from tim-schilling/auto-update-1647
Check if djdt-store-id is in all headers before usage.
2 parents 97a9165 + e0417ef commit a5ff45d


4 files changed

+23
-4
lines changed


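--- a/debug_toolbar/panels/history/panel.py
+++ b/debug_toolbar/panels/history/panel.py
@@ -24,7 +24,7 @@ def get_headers(self, request):
 observe_request = self.toolbar.get_observe_request()
 store_id = getattr(self.toolbar, "store_id")
 if store_id and observe_request(request):
-headers["DJDT-STORE-ID"] = store_id
+headers["djdt-store-id"] = store_id
 return headers
 
 @property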

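--- a/debug_toolbar/static/debug_toolbar/js/toolbar.js
+++ b/debug_toolbar/static/debug_toolbar/js/toolbar.js
@@ -264,8 +264,13 @@ const djdt = {
 const origOpen = XMLHttpRequest.prototype.open;
 XMLHttpRequest.prototype.open = function () {
 this.addEventListener("load", function () {
-let store_id = this.getResponseHeader("djdt-store-id");
-if (store_id !== null) {
+// Chromium emits a "Refused to get unsafe header" uncatchable warning
+// when the header can't be fetched. While it doesn't impede execution
+// it's worrisome to developers.
+if (
+this.getAllResponseHeaders().indexOf("djdt-store-id") >= 0
+) {
+let store_id = this.getResponseHeader("djdt-store-id");
 store_id = encodeURIComponent(store_id);
 const dest = `${sidebar_url}?store_id=${store_id}`;
 slowjax(dest).then(function (data) {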
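Review bot: The substring test `this.getAllResponseHeaders().indexOf("djdt-store-id") >= 0` (new lines 270-272) is true whenever that text appears anywhere in the header block, including inside another header's name or value, and the `store_id !== null` guard it replaces is gone. In that case `getResponseHeader` can still return null, `encodeURIComponent(null)` yields the string "null", and the toolbar requests the sidebar with `store_id=null`. Matching the header name at the start of a line keeps the warning-free check without the false positive: `/^djdt-store-id:/im.test(this.getAllResponseHeaders())`. The load listener's body continues past the end of the hunk.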

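--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -142,7 +142,7 @@ Toolbar options
 
 * ``OBSERVE_REQUEST_CALLBACK``
 
-Default: ``'debug_toolbar.middleware.observe_request'``
+Default: ``'debug_toolbar.toolbar.observe_request'``
 
 This is the dotted path to a function used for determining whether the
 toolbar should update on AJAX requests or not. The default checks are that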

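--- a/tests/panels/test_history.py
+++ b/tests/panels/test_history.py
@@ -99,6 +99,20 @@ def test_history_sidebar_invalid(self):
 response = self.client.get(reverse("djdt:history_sidebar"))
 self.assertEqual(response.status_code, 400)
 
+def test_history_headers(self):
+"""Validate the headers injected from the history panel."""
+response = self.client.get("/json_view/")
+store_id = list(DebugToolbar._store)[0]
+self.assertEqual(response.headers["djdt-store-id"], store_id)
+
+@override_settings(
+DEBUG_TOOLBAR_CONFIG={"OBSERVE_REQUEST_CALLBACK": lambda request: False}
+)
+def test_history_headers_unobserved(self):
+"""Validate the headers aren't injected from the history panel."""
+response = self.client.get("/json_view/")
+self.assertNotIn("djdt-store-id", response.headers)
+
 def test_history_sidebar(self):
 """Validate the history sidebar view."""
 self.client.get("/json_view/")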
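Review bot: `list(DebugToolbar._store)[0]` in test_history_headers (new line 105) takes the first key in the store, which is this request's id only if the store is empty when the test starts; the setup that would guarantee that is not visible in the hunk. If earlier requests can leave entries behind, the assertion compares the header against the wrong id and fails for a reason unrelated to the header. Pinning the assumption makes such a failure readable: add `self.assertEqual(len(DebugToolbar._store), 1)` before reading the key.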
