From 9fc84bf6816c8a93a669c7b4d4adf716c119ef3e Mon Sep 17 00:00:00 2001 From: Deimos Date: Wed, 31 Jul 2019 23:08:28 -0600 Subject: [PATCH] X-IC-Redirect header: only escape path component Whoops, previous attempt at fix ended up breaking anywhere that did a 302 redirect with a full url (which wiki pages do after editing). --- tildes/tildes/views/api/web/exceptions.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tildes/tildes/views/api/web/exceptions.py b/tildes/tildes/views/api/web/exceptions.py index e8d7a04..0b4ea96 100644 --- a/tildes/tildes/views/api/web/exceptions.py +++ b/tildes/tildes/views/api/web/exceptions.py @@ -4,7 +4,7 @@ """Web API exception views.""" from typing import Sequence -from urllib.parse import quote +from urllib.parse import quote, urlparse, urlunparse from marshmallow.exceptions import ValidationError from pyramid.httpexceptions import ( @@ -107,4 +107,8 @@ def httpfound(request: Request) -> Response: 302 into a 200 with that header so it works as a redirect for both standard requests as well as Intercooler ones. """ - return Response(headers={"X-IC-Redirect": quote(request.exception.location)}) + # need to url-escape only the path of the redirect destination + parsed = urlparse(request.exception.location) + parsed = parsed._replace(path=quote(parsed.path)) + + return Response(headers={"X-IC-Redirect": urlunparse(parsed)})