This is an automated email from the ASF dual-hosted git repository.
gcruz pushed a commit to branch gc/8429
in repository https://gitbox.apache.org/repos/asf/allura.git
The following commit(s) were added to refs/heads/gc/8429 by this push:
new 10d26b462 [#8429] limiting /auth/ to noindex,follow only if query
string in url
10d26b462 is described below
commit 10d26b46255a5b1f9f22f9265d45d2d8a2381b7e
Author: Guillermo Cruz <[email protected]>
AuthorDate: Mon May 16 16:13:53 2022 -0600
[#8429] limiting /auth/ to noindex,follow only if query string in url
---
Allura/allura/lib/custom_middleware.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/Allura/allura/lib/custom_middleware.py
b/Allura/allura/lib/custom_middleware.py
index ca97111f0..409ff94ff 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -155,17 +155,19 @@ class LoginRedirectMiddleware:
def __call__(self, environ, start_response):
status, headers, app_iter, exc_info = call_wsgi_application(self.app,
environ)
is_api_request = environ.get('PATH_INFO', '').startswith('/rest/')
+ noindex_headers = False
if status[:3] == '401' and not is_api_request and not
is_ajax(Request(environ)):
login_url = tg.config.get('auth.login_url', '/auth/')
if environ['REQUEST_METHOD'] == 'GET':
return_to = environ['PATH_INFO']
if environ.get('QUERY_STRING'):
return_to += '?' + environ['QUERY_STRING']
+ noindex_headers = True
location = tg.url(login_url, dict(return_to=return_to))
else:
# Don't try to re-post; the body has been lost.
location = tg.url(login_url)
- r = exc.HTTPFound(location=location, headers={'X-Robots-Tag':
'noindex,follow'})
+ r = exc.HTTPFound(location=location, headers={'X-Robots-Tag':
'noindex,follow'} if noindex_headers else {})
return r(environ, start_response)
start_response(status, headers, exc_info)
return app_iter
