Add HTTP_AUTHORIZATION to values copied to dummy preview requests

2018-09-11 23:01:07 +01:00 · 2018-09-11 23:01:07 +01:00 · 4c72f767ea
commit 4c72f767ea
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@ -12,6 +12,7 @@ Changelog
 * Notification emails now include an "Auto-Submitted: auto-generated" header (Dan Braghis)
 * Image chooser panels now show alt text as title (Samir Shah)
 * Added `download_url` field to images in the API (Michael Harrison)
+ * Dummy requests for preview now preserve the HTTP Authorization header (Ben Dickinson)
 * Fix: Respect next param on login (Loic Teixeira)
 * Fix: InlinePanel now handles relations that specify a related_query_name (Aram Dulyan)
 * Fix: before_delete_page / after_delete_page hooks now run within the same database transaction as the page deletion (Tomasz Knapik)
--- a/CONTRIBUTORS.rst
+++ b/CONTRIBUTORS.rst
@ -316,6 +316,7 @@ Contributors
 * Matthew Schinckel
 * Michael Borisov
 * Dan Braghis
+* Ben Dickinson

 Translators
 ===========
--- a/docs/releases/2.3.rst
+++ b/docs/releases/2.3.rst
@ -29,6 +29,7 @@ Other features
 * Notification emails now include an "Auto-Submitted: auto-generated" header (Dan Braghis)
 * Image chooser panels now show alt text as title (Samir Shah)
 * Added ``download_url`` field to images in the API (Michael Harrison)
+ * Dummy requests for preview now preserve the HTTP Authorization header (Ben Dickinson)


 Bug fixes
--- a/wagtail/core/models.py
+++ b/wagtail/core/models.py
@ -1242,7 +1242,7 @@ class Page(AbstractPage, index.Indexed, ClusterableModel, metaclass=PageBase):

        # Add important values from the original request object, if it was provided.
        HEADERS_FROM_ORIGINAL_REQUEST = [
-            'REMOTE_ADDR', 'HTTP_X_FORWARDED_FOR', 'HTTP_COOKIE', 'HTTP_USER_AGENT',
+            'REMOTE_ADDR', 'HTTP_X_FORWARDED_FOR', 'HTTP_COOKIE', 'HTTP_USER_AGENT', 'HTTP_AUTHORIZATION',
            'wsgi.version', 'wsgi.multithread', 'wsgi.multiprocess', 'wsgi.run_once',
        ]
        if settings.SECURE_PROXY_SSL_HEADER:
--- a/wagtail/core/tests/test_page_model.py
+++ b/wagtail/core/tests/test_page_model.py
@ -1371,6 +1371,7 @@ class TestDummyRequest(TestCase):
            'HTTP_X_FORWARDED_FOR': '192.168.0.2,192.168.0.3',
            'HTTP_COOKIE': "test=1;blah=2",
            'HTTP_USER_AGENT': "Test Agent",
+            'HTTP_AUTHORIZATION': "Basic V2FndGFpbDpXYWd0YWlsCg==",
        }
        factory = RequestFactory(**original_headers)
        original_request = factory.get('/home/events/')
@ -1381,6 +1382,7 @@ class TestDummyRequest(TestCase):
        self.assertEqual(request.META['HTTP_X_FORWARDED_FOR'], original_request.META['HTTP_X_FORWARDED_FOR'])
        self.assertEqual(request.META['HTTP_COOKIE'], original_request.META['HTTP_COOKIE'])
        self.assertEqual(request.META['HTTP_USER_AGENT'], original_request.META['HTTP_USER_AGENT'])
+        self.assertEqual(request.META['HTTP_AUTHORIZATION'], original_request.META['HTTP_AUTHORIZATION'])

        # check other env vars required by the WSGI spec
        self.assertEqual(request.META['REQUEST_METHOD'], 'GET')