jinja2/react_base.html template uses request.user #6039
Comments
Let's start with waffle flags. One place where
the implementation of The minified Thing is,
So it's not fair to connect banners.css to a particular waffle flag. A possible solution is to use Constance instead. So like this:
Then, if you enable ANY waffle flag that needs banners.css you remember to go to https://developer.mozilla.org/admin/constance/config/ and enable it. Another option is to inspect any defined waffle flag that might need it. If there is greater than 0% chance that it might be enabled, you include it. E.g. # the view function
possible_flags = ['developer_needs']
context['include_banners_css'] = False
for flag in Flag.objects.filter(name__in=possible_flags):
if flag.everyone or flag.percent > 0 or flag.superusers or flag.staff or flag.authenticated or flag. ...:
context['include_banners_css'] = True
break
|
Actually, a more ideal solution would be something like this: It's more complicated but might perform better since it's less CSS upfront. We'd need to do it more properly with better error handling and we'd also need to figure out a way to "connect" this to django-pipeline. |
@Gregoor For the record, this relates to how we'd do the CSS for BCD tables too. |
#6108 was done, but needs to be redone after some consideration. |
We can close this now. Somewhere in the read-only site stuff do we do things that depend on |
Summary says it all. The read-only pages should never depend on the users.
Our CDN is configured to never pass through any
sessionid
cookie values to the Django views so hopefully all pages now are always forcibly anonymous.We should audit the trail to make sure nothing in the read-only site depends on the user.
Including waffle flags.
The text was updated successfully, but these errors were encountered: