CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

Allow gradual rollout of new vite-based widget by adding urls to an allowlist that gets checked against the "Origin" http header of request fetching the widget js

Browse Source
This commit is contained in:
rash
2026-03-10 14:45:00 +01:00
parent 504191c005
commit 2dade31f23
3 changed files with 25 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/pretix/base/settings.py
View File

File diff suppressed because one or more lines are too long

6
src/pretix/control/forms/global_settings.py
View File

@@ -104,6 +104,12 @@ class GlobalSettingsForm(SettingsForm):
help_text=_("Will be served at {domain}/.well-known/apple-developer-merchantid-domain-association").format( help_text=_("Will be served at {domain}/.well-known/apple-developer-merchantid-domain-association").format(
domain=settings.SITE_URL domain=settings.SITE_URL
) )
)),
('widget_vite_origins', forms.CharField(
widget=forms.Textarea(attrs={'rows': '3'}),
required=False,
label=_("Vite widget origins"),
help_text=_("One origin per line (e.g. https://example.com). Requests from these origins will be served the new vite-based widget."),
)) ))
]) ])
responses = register_global_settings.send(self) responses = register_global_settings.send(self)

16
src/pretix/presale/views/widget.py
View File

@@ -121,9 +121,21 @@ def widget_css_etag(request, version, **kwargs):
return f'{_get_source_cache_key(version)}-{request.organizer.cache.get_or_set("css_version", default=lambda: int(time.time()))}' return f'{_get_source_cache_key(version)}-{request.organizer.cache.get_or_set("css_version", default=lambda: int(time.time()))}'
def _use_vite(request):
if getattr(settings, 'PRETIX_WIDGET_VITE', False):
return True
origin = request.META.get('HTTP_ORIGIN', '')
gs = GlobalSettingsObject()
vite_origins = gs.settings.get('widget_vite_origins', as_type=str, default='')
if origin and vite_origins:
origins_list = [o.strip() for o in vite_origins.strip().splitlines() if o.strip()]
return origin in origins_list
return False
def widget_js_etag(request, version, lang, **kwargs): def widget_js_etag(request, version, lang, **kwargs):
gs = GlobalSettingsObject() gs = GlobalSettingsObject()
variant = 'vite' if getattr(settings, 'PRETIX_WIDGET_VITE', False) else 'legacy' variant = 'vite' if _use_vite(request) else 'legacy'
return gs.settings.get('widget_checksum_{}_{}_{}'.format(version, lang, variant)) return gs.settings.get('widget_checksum_{}_{}_{}'.format(version, lang, variant))
@@ -222,7 +234,7 @@ def widget_js(request, version, lang, **kwargs):
if version < version_min: if version < version_min:
version = version_min version = version_min
use_vite = getattr(settings, 'PRETIX_WIDGET_VITE', False) use_vite = _use_vite(request)
variant = 'vite' if use_vite else 'legacy' variant = 'vite' if use_vite else 'legacy'
cache_prefix = 'widget_js_data_v{}_{}_{}'.format(version, lang, variant) cache_prefix = 'widget_js_data_v{}_{}_{}'.format(version, lang, variant)