adding _scheme parameter to url_for
#667
Conversation
|
I'm generating urls in some of my email message templates (confirmation, password reset), and I would like them to be secure urls, but the source from where they are generated is not necessarily https. Current I am doing this to handle the problem, But it would be nice to not need this workaround |
|
I think the new keyword argument of url_for is a good idea, but I don't see the point of secure_url_for. Also I think the _secure arg should imply _external. Explicitly setting _external to False and _secure to True would result in a ValueError. |
|
I'm happy to omit |
|
Could you add the handing for |
|
@untitaker do you mean raise an explicit ValueError, e.g. |
|
Raising a ValueError in url_for and implying _external when _secure is True in url_for seems best to me. As i said, adding a new function for this is not a good idea IMO. |
|
What does the overlord of elegant APIs @kennethreitz have to say about this? |
|
I don't know that it hurts to provide a helper function, after all, that's what helpers are there for. But as I said before, I'll defer to the maintainers. I'd just like to get this in as there seems to be a need for it. Out of curiosity, what relationship do you have to the Flask project, @untitaker? |
|
Why not just |
|
About as much as you have @maxcountryman |
|
@kennethreitz The fear is that this could interfere with the user's keyword arguments for the view. |
|
@kennethreitz I think |
|
that would be a terrible kwarg :) |
|
@kennethreitz so is |
|
I think at this point it's probably worse to be inconsistent with the existing API than to try to retroactively correct it. So for that reason I preferred I still need feedback on whether or not to include Finally I can include an explicit ValueError within the scope of url_for if it's not sufficient to leave this lower levels of the call stack. How does that sound? |
|
Another aspect: I find "_secure" as an arg too ambiguous, since it also could mean that the url will be escaped to prevent XSS or something like that. "_https" seems like a better name (and also https_url_for) |
|
(_scheme=) |
|
The more I think about this, the more I feel it is unnecessary, I suppose. If you want something to be SSL, why wouldn't everything already be SSL? |
|
@kennethreitz read @xsleonard's comment for real world use-case. |
|
hmm, I guess I like |
|
@kennethreitz how about a helper? Yea or nay? (I don't have a particularly strong opinion, but it does seem like a clear shortcut and it clearly exposes the functionality.) |
|
Agreed Kennneth, a scheme arg might be even better. |
|
I've force-pushed some updates to this guy. I think this should be more in line with your suggestions @kennethreitz. |
|
@mitsuhiko thoughts? |
In order to better facilitate generation of URLs that make use of an HTTPS URL scheme this patch adds a parameter with this specific purpose in mind. To achieve this we explicitly pass in a param, `_scheme='https'`, and then set the `url_scheme` attribute of our `MapAdapter` instance appropriately. Importantly, `_external=True` must be set in order for this to work properly. As such, failure to do so results in a `ValueError` being raised.
|
Seems harmless enough. |
adding `_scheme` parameter to `url_for`
In order to better facilitate generation of URLs that make use of an HTTPS URL
scheme this patch adds a parameter with this specific purpose in mind. To
achieve this we explicitly pass in a param,
_scheme='https', and then set theurl_schemeattribute of ourMapAdapterinstance appropriately.Importantly,
_external=Truemust be set in order for this to work properly.As such, failure to do so results in a
ValueErrorbeing raised.