#12616: dev server should not override directory listing of static media
----------------------------+-----------------------------------------------
Reporter: ahebert | Owner: nobody
Status: new | Milestone:
Component: Core framework | Version: 1.1
Keywords: | Stage: Unreviewed
Has_patch: 0 |
----------------------------+-----------------------------------------------
The dev server can serve the static admin media file from a project
directory, which is likely if you want to modify the look of the admin.
When set to do so with directory listing allowed by
{{{'show_indexes':True}}}, an attempt to navigate the directory structure
from a browser will result in a 401 "Permission Denied" page, which is
broken when the same settings allow directory navigation of non-admin
media.
An example to reproduce the problem has settings:
{{{
SITE_ROOT = os.path.dirname(os.path.realpath(__file__))
MEDIA_ROOT = os.path.join(SITE_ROOT,'media')
MEDIA_URL='/media/'
ADMIN_MEDIA_PREFIX='/media/admin/'
}}}
and a urlconf containing:
{{{
(r'^%s(?P<path>.*)$' % settings.MEDIA_URL[1:],
'django.views.static.serve', {'document_root': settings.MEDIA_ROOT,
'show_indexes': True}),
}}}
and running the server with the command
{{{
./manage.py runserver --adminmedia=media/admin
}}}
--
Ticket URL: <http://code.djangoproject.com/ticket/12616>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.