New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
adding _scheme
parameter to url_for
#667
Conversation
I'm generating urls in some of my email message templates (confirmation, password reset), and I would like them to be secure urls, but the source from where they are generated is not necessarily https. Current I am doing this to handle the problem, But it would be nice to not need this workaround |
I think the new keyword argument of url_for is a good idea, but I don't see the point of secure_url_for. Also I think the _secure arg should imply _external. Explicitly setting _external to False and _secure to True would result in a ValueError. |
I'm happy to omit |
Could you add the handing for |
@untitaker do you mean raise an explicit ValueError, e.g. |
Raising a ValueError in url_for and implying _external when _secure is True in url_for seems best to me. As i said, adding a new function for this is not a good idea IMO. |
What does the overlord of elegant APIs @kennethreitz have to say about this? |
I don't know that it hurts to provide a helper function, after all, that's what helpers are there for. But as I said before, I'll defer to the maintainers. I'd just like to get this in as there seems to be a need for it. Out of curiosity, what relationship do you have to the Flask project, @untitaker? |
Why not just |
About as much as you have @maxcountryman |
@kennethreitz The fear is that this could interfere with the user's keyword arguments for the view. |
@kennethreitz I think |
that would be a terrible kwarg :) |
@kennethreitz so is |
I think at this point it's probably worse to be inconsistent with the existing API than to try to retroactively correct it. So for that reason I preferred I still need feedback on whether or not to include Finally I can include an explicit ValueError within the scope of url_for if it's not sufficient to leave this lower levels of the call stack. How does that sound? |
Another aspect: I find "_secure" as an arg too ambiguous, since it also could mean that the url will be escaped to prevent XSS or something like that. "_https" seems like a better name (and also https_url_for) |
(_scheme=) |
The more I think about this, the more I feel it is unnecessary, I suppose. If you want something to be SSL, why wouldn't everything already be SSL? |
@kennethreitz read @xsleonard's comment for real world use-case. |
hmm, I guess I like |
@kennethreitz how about a helper? Yea or nay? (I don't have a particularly strong opinion, but it does seem like a clear shortcut and it clearly exposes the functionality.) |
Agreed Kennneth, a scheme arg might be even better. |
I've force-pushed some updates to this guy. I think this should be more in line with your suggestions @kennethreitz. |
@mitsuhiko thoughts? |
In order to better facilitate generation of URLs that make use of an HTTPS URL scheme this patch adds a parameter with this specific purpose in mind. To achieve this we explicitly pass in a param, `_scheme='https'`, and then set the `url_scheme` attribute of our `MapAdapter` instance appropriately. Importantly, `_external=True` must be set in order for this to work properly. As such, failure to do so results in a `ValueError` being raised.
Seems harmless enough. |
adding `_scheme` parameter to `url_for`
In order to better facilitate generation of URLs that make use of an HTTPS URL
scheme this patch adds a parameter with this specific purpose in mind. To
achieve this we explicitly pass in a param,
_scheme='https'
, and then set theurl_scheme
attribute of ourMapAdapter
instance appropriately.Importantly,
_external=True
must be set in order for this to work properly.As such, failure to do so results in a
ValueError
being raised.