From 0ebfc8ce416e20f8c962b44e96ceb09fb5a0d760 Mon Sep 17 00:00:00 2001
From: Tom Webber <80110358+tom-webber@users.noreply.github.com>
Date: Thu, 29 Aug 2024 09:43:07 +0100
Subject: [PATCH] feat: add back button to cookie page (#728)

* feat: Adds govuk '< Back' button to the cookies page

The cookies page is viewable from any page in the application, but is likely not an endpoint for users, so they will want to be able to navigate back to their previous page. The cookie view has been added to `home/views.py`, and the referer URL is validated to ensure the URL is one of the trusted domains (i.e. is within `settings.CSRF_TRUSTED_ORIGINS`). localhost has been added to `settings.CSRF_TRUSTED_ORIGINS` when running with `settings.DEBUG == True`

* chore: html linting
---
 core/settings.py | 3 +++
 core/urls.py | 4 ---
 home/urls.py | 1 +
 home/views.py | 22 +++++++++++++++++
 templates/base/footer.html | 2 +-
 templates/cookies.html | 50 ++++++++++++++++++++++++--------------
 6 files changed, 59 insertions(+), 23 deletions(-)

diff --git a/core/settings.py b/core/settings.py
index c016f2ee..448117d4 100644
--- a/core/settings.py
+++ b/core/settings.py
@@ -258,3 +258,6 @@
 origins_str = os.environ.get("CSRF_TRUSTED_ORIGINS", "")
 CSRF_TRUSTED_ORIGINS = origins_str.split(" ") if origins_str else []
+if DEBUG:
+    local_origins = ["http://127.0.0.1:8000", "http://localhost:8000"]
+    CSRF_TRUSTED_ORIGINS += local_origins
diff --git a/core/urls.py b/core/urls.py
index 29610f6c..e0933ca6 100644
--- a/core/urls.py
+++ b/core/urls.py
@@ -17,7 +17,6 @@
 from django.contrib import admin
 from django.urls import include, path
-from django.views.generic import TemplateView
 app_name = "core"
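Review bot: After this commit `CSRF_TRUSTED_ORIGINS` is no longer only a CSRF setting — `home.views.cookies_view`, added in the same patch, derives its referer allow-list from it — so the development-only entries appended under `if DEBUG:` also widen that allow-list, and anyone changing the `CSRF_TRUSTED_ORIGINS` environment value in production is changing the "Back" link's allowed hosts too. A one-line comment above the `if DEBUG:` such as `# Also consulted as the allowed-host list for the "Back" link in home.views.cookies_view` would record the coupling for the next person editing this block. The assignment being extended starts on the hunk's first context line, so nothing else in this span is affected.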
@@ -25,9 +24,6 @@
     path("admin/", view=admin.site.urls),
     path("azure_auth/", include("azure_auth.urls", namespace="azure_auth")),
     path("feedback/", include("feedback.urls", namespace="feedback")),
-    path(
-        "cookies/", TemplateView.as_view(template_name="cookies.html"), name="cookies"
-    ),
     path("", include("home.urls", namespace="home")),
     path("", include("django_prometheus.urls")),
 ]
diff --git a/home/urls.py b/home/urls.py
index 1f8a2149..45d7fc54 100644
--- a/home/urls.py
+++ b/home/urls.py
@@ -19,4 +19,5 @@
         name="details",
     ),
     path("pagination/", views.search_view, name="pagination"),
+    path("cookies", views.cookies_view, name="cookies"),
 ]
diff --git a/home/views.py b/home/views.py
index 505ab4c3..99d03d9f 100644
--- a/home/views.py
+++ b/home/views.py
@@ -1,5 +1,8 @@
+from urllib.parse import urlparse
+
 from data_platform_catalogue.client.exceptions import EntityDoesNotExist
 from data_platform_catalogue.search_types import DomainOption
+from django.conf import settings
 from django.http import Http404, HttpResponseBadRequest
 from django.shortcuts import render
 from django.utils.translation import gettext as _
@@ -116,3 +119,22 @@ def metadata_specification_view(request):
     return render(
         request, "metadata_specification.html", metadata_specification.context
     )
+
+
+def cookies_view(request):
+    valid_domains = [
+        urlparse(origin).netloc for origin in settings.CSRF_TRUSTED_ORIGINS
+    ]
+    referer = request.META.get("HTTP_REFERER")
+
+    if referer:
+        referer_domain = urlparse(referer).netloc
+
+        # Validate this referer domain against declared valid domains
+        if referer_domain not in valid_domains:
+            referer = "/"  # Set to home page if invalid
+
+    context = {
+        "previous_page": referer or "/",  # Provide a default fallback if none found
+    }
+    return render(request, "cookies.html", context)
diff --git a/templates/base/footer.html b/templates/base/footer.html
index 958ea434..ab35ba86 100644
--- a/templates/base/footer.html
+++ b/templates/base/footer.html
@@ -6,7 +6,7 @@
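Review bot: The new route in `home/urls.py` is registered as `"cookies"` with no trailing slash, while the sibling route in this file (`"pagination/"`) and the route removed from `core/urls.py` in this same commit (`"cookies/"`) use one; with Django's default `APPEND_SLASH = True` a request for `/cookies/` is not redirected to `/cookies`, so any existing bookmark or external link to the old path now returns 404. Unless the path change is intentional, `path("cookies/", views.cookies_view, name="cookies"),` keeps the old URL working and matches the file's convention. The `urlpatterns` list this line belongs to starts before the hunk.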
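Review bot: `cookies_view` validates the Referer by netloc alone, so the scheme is never checked (a plain-http referer on a trusted host is echoed back as the "Back" target on an https site) and the check re-implements what `django.utils.http.url_has_allowed_host_and_scheme` already provides, including the backslash and `///` normalisation that browsers apply. The inner `if` could become `if not url_has_allowed_host_and_scheme(referer, allowed_hosts=valid_domains, require_https=request.is_secure()): referer = "/"`, which keeps the fail-closed behaviour and adds the scheme check. Two configuration edge cases deserve a comment either way: an origin configured without a scheme (permitted before Django 4.0, and I cannot see the Django version here) gives a netloc of `""`, which would let an empty-host referer through unchanged, and a subdomain-wildcard origin gives a netloc like `*.example.com` that never equals a real host, so such referers silently fall back to `/`. The function also has no docstring; `"""Render the cookies page with a 'Back' target taken from the Referer header, limited to hosts in CSRF_TRUSTED_ORIGINS and defaulting to the home page."""` would state the contract.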

{% translate "Support links" %}