#19538: __admin_media_prefix__ in admin templates -------------------------------+------------------------------- Reporter: andrew@… | Owner: nobody Type: Uncategorized | Status: new Component: Uncategorized | Version: 1.4 Severity: Normal | Keywords: admin S3 DateTime Triage Stage: Unreviewed | Has patch: 0 Easy pickings: 0 | UI/UX: 0 -------------------------------+------------------------------- contrib/admin/templates/admin/base.html contains the line: <script type="text/javascript">window.__admin_media_prefix__ = "{% filter escapejs %}{% static "admin/" %}{% endfilter %}";</script>
The __admin_media_prefix__ is used in contrib/admin/static/admin/js/admin/DateTimeShortcuts.js to form URLs by concatenation: DateTimeShortcuts.admin_media_prefix + 'img/icon_clock.gif' This causes a problem with certain storage backends (such as S3 Boto) which include authentication digests as part of the URL. For instance, when using the S3 Boto backend, my admin renders the following line: <script type="text/javascript">window.__admin_media_prefix__ = "https://oca3\u002Dqa.s3.amazonaws.com/admin?Signature\u003DXIt%2FCc9wPWjaw%2F3ITNjkYE3bc%2FI%3D\u0026Expires\u003D1356844210\u0026AWSAccessKeyId\u003DAKIAIGREZ7J53KZ23QKQ";</script> Which, when concatenated with the fixed string generates the invalid URL: https://oca3\u002Dqa.s3.amazonaws.com/admin?Signature\u003DXIt%2FCc9wPWjaw%2F3ITNjkYE3bc%2FI%3D\u0026Expires\u003D1356844210\u0026AWSAccessKeyId\u003DAKIAIGREZ7J53KZ23QKQimg/icon_clock.gif I suspect that the assumption the DateTime widget is relying on ({% static a+b %} should be equivelant to {% static a %}b) is invalid, and it should be using a more robust method to determine the static URL of its resources. The DateTime widget appears to be the only element depending on __admin_media_prefix__, and thus the only one to fail when switching to a backend that doesn't support its assumption. -- Ticket URL: <https://code.djangoproject.com/ticket/19538> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-updates@googlegroups.com. To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.