Do not set up PUI routes for handling slug-based URLs if use_human_readable_urls is false #3043
Description
Similar to #2436, this pull request prevents the PUI from attempting to handle requests for slug-based URLs when AppConfig[:use_human_readable_urls] is false (which is the default value). At present, whenever it receives a request that matches any of the slug-based URLs defined in routes.rb, it sends a request to the backend, which does a lookup in the slug column of the relevant database table. The PUI won't generate any slug-based links, but this route in particular ...... means any URL like https://test.archivesspace.org/foo/bar will trigger a lookup. Such a URL might be something a plug-in developer wants to write a controller to handle, but cannot because the above route will take precedence. Also, similar URLs may be probed by bad actors looking for known vulnerabilities in other platforms, such as https://test.archivesspace.org/admin/login.php. They won't find a vulnerability, but it does trigger an unnecessary database lookup every time.
Related JIRA Ticket or GitHub Issue
None
How Has This Been Tested?
It does not affect existing routes using :rid and :id parameters, and obviously won't make any difference to organizations that do have human-readable URLs enabled. There are a few routes that do double duty for both slug-based and ID-based URLs, such as ...... so I have added another test for AppConfig[:use_human_readable_urls] in application_controller.rb to prevent those triggering unnecessary database lookups either.
Screenshots (if appropriate):
Types of changes
Checklist:
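The route gating described in this pull request, as an added example that is not part of the pull request or of ArchivesSpace: a toy first-match router in plain Ruby showing how a two-segment slug catch-all shadows a later plug-in route and turns every probe URL into a backend lookup, and how registering it only when the flag is true avoids both. MiniRouter, slug_lookup and the route patterns are hypothetical stand-ins, not the project's routes.

```ruby
# Added illustration: hypothetical names, not ArchivesSpace or Rails code.
Route = Struct.new(:pattern, :handler)

class MiniRouter
  attr_reader :lookups

  def initialize(use_human_readable_urls:)
    @routes = []
    @lookups = 0 # counts simulated backend slug lookups
    # ID-based route: always registered.
    add(%r{\A/repositories/(\d+)\z}) { |m| "repository #{m[1]}" }
    # Slug catch-all: registered only when the feature is enabled,
    # so it cannot match arbitrary two-segment paths when it is off.
    if use_human_readable_urls
      add(%r{\A/([^/]+)/([^/]+)\z}) { |m| slug_lookup(m[1], m[2]) }
    end
  end

  # Routes are tried in registration order; the first match wins.
  def add(pattern, &handler)
    @routes << Route.new(pattern, handler)
  end

  def call(path)
    @routes.each do |route|
      m = route.pattern.match(path)
      return route.handler.call(m) if m
    end
    "404"
  end

  private

  # Stand-in for the backend query against the slug column.
  def slug_lookup(_repo_slug, _slug)
    @lookups += 1
    "404 after lookup" # constructed: this toy has no stored slugs
  end
end
```
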