Allow enforcing HTTPS for custom domains #4483
Conversation
| @@ -985,7 +985,7 @@ class Domain(models.Model): | |||
| https = models.BooleanField( | |||
| _('Use HTTPS'), | |||
| default=False, | |||
| help_text=_('SSL is enabled for this domain') | |||
| help_text=_('Always use HTTPS for this domain') | |||
There was a problem hiding this comment.
Technically this will result in a migration. However, there's a bunch of other minor pending migrations on Project.
There was a problem hiding this comment.
I think these changes are good.
I got a little lost on the review (as usual when taking a look at the resolver) but seems smooth. I left a refactor comment, but not 100% sure that I'm correct.
Besides the tests you changed, shouldn't we have a specific test that uses a Domain(https=False) and check that it resolves to http?
| elif self._use_subdomain(): | ||
| domain = self._get_project_subdomain(canonical_project) | ||
| else: | ||
| domain = getattr(settings, 'PRODUCTION_DOMAIN') |
There was a problem hiding this comment.
Isn't this if/elif/else the same code of what self.resolve_domain does?
There was a problem hiding this comment.
It is. This function needs access to the Domain object in order to read the .https property. That object is not exposed from the resolve_domain method.
There was a problem hiding this comment.
Loading that object again based on the hostname alone will require another database query and the resolver is already the largest single source of database load in Read the Docs.
There was a problem hiding this comment.
I understand and I saw that you mentioned the issue to refactor this. So, I'm fine with "duplication" here.
Although, I think that adding a similar explanation written in these comments as a comment in the code would make it easier to refactor this in the future.
Probably yes. |
- add resolve HTTPS/HTTP test - add comment detailing duplication
|
I updated based on the feedback to add another resolver test and to comment on the duplication. I also added a UI element for showing the status of issuing a certificate. |
This allows users to mark a domain as HTTPS and then all links to its documentation will be HTTPS links instead of HTTP links.
Personally I don't love these changes to the resolver but I believe the resolver needs a larger refactor for performance reasons anyway (#3712). If there's a better way to add this functionality without adding more SQL queries and degrading performance of a very performance sensitive bit of code, please let me know or feel free to add to this.
Fixes #2236
Screenshot