[Fixes #14406] Introducing a new setting for the URL validation#14407
Conversation
There was a problem hiding this comment.
Code Review
This pull request introduces the SAFE_URL_TRUSTED_HOSTS setting to allow trusted hosts to bypass URL safety validation, even when resolving to private IPs. The review feedback highlights several critical improvements: normalizing the port check in geonode/utils.py to handle implicit default ports (80/443) and hostnames without ports; making the environment variable parsing in geonode/settings.py more robust by falling back to comma-separated parsing on failure; and adding comprehensive test cases to cover these edge cases.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
|
The backport to To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-5.0.x 5.0.x
# Navigate to the new working tree
cd .worktrees/backport-5.0.x
# Create a new branch
git switch --create backport-14407-to-5.0.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 c3f53cc63e2b8a51c0a93f51976cbb190c202820
# Push it to GitHub
git push --set-upstream origin backport-14407-to-5.0.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-5.0.xThen, create a pull request where the |
This PR was created according to this issue: #14406
Checklist
For all pull requests:
The following are required only for core and extension modules (they are welcomed, but not required, for contrib modules):
Submitting the PR does not require you to check all items, but by the time it gets merged, they should be either satisfied or inapplicable.