mirror of
https://github.com/apache/superset.git
synced 2026-05-29 11:45:16 +00:00
Adversarial review surfaced six classes of subdirectory-deployment gaps not
covered by the existing TDD scaffold. Each is fixed where it lives, with
pinning tests added beside the change:
Helpers
- navigationUtils: drop `//` from the navigation safety regex so
`openInNewTab('//evil.com')` can no longer open a cross-origin tab
- pathUtils.stripAppRoot: greedy strip so an upstream `/superset/superset/x`
payload survives one strip + react-router basename re-prepend
- RedirectWarning.isAllowedScheme: explicit `//` guard; the `new URL(...)`
catch branch was silently allowing protocol-relative URLs through
- SupersetClientClass.getUrl: implement the runtime appRoot dedupe the
  project memory was already documenting. Flips the contract test from
  pinning the doubled shape under a misleading name to asserting
  single-prefix emission with segment-boundary + bare-root coverage
Frontend literals and sinks
- loggerMiddleware: `/superset/log/` -> `/log/` (matches the live route
after `Superset.route_base = ""`); updated three test fixtures
- DatasetPanel: raw `window.open(explore_url)` -> `openInNewTab` with null guard
- RedirectWarning: raw `window.location.href = targetUrl` -> `redirect()`
so the helpers' validation applies
Backend literals and sinks
- Slice.explore_json_url: `/superset/explore_json` -> `/explore_json`
- Database.sql_url: `/superset/sql/<id>/` (route no longer exists) ->
`/sqllab/?dbid=<id>` (the live SQL Lab deep-link)
- tasks/async_queries.result_url: same `/superset/` strip
- initialization Home menu: hardcoded `href="/superset/welcome/"` ->
`f"{app_root}/welcome/"` so it works under any application_root
FAB list-view raw HTML
- dashboard_link / slice_link render raw `<a href=...>` strings, which do
not receive SCRIPT_NAME at render time. Migrated both to `url_for`
(`Superset.dashboard` / `ExploreView.root`) so subdir deployments emit
single-prefix hrefs. The model properties themselves keep their
router-relative shape for frontend callers using ensureAppRoot
Tests
- test_subdirectory_url_for.py grew from 7 to 11 cases pinning
Slice.explore_json_url, Database.sql_url, dashboard_link, and slice_link
under SCRIPT_NAME=/superset
- 82 helper Jest tests + 71 touched component tests green; pre-commit clean
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
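The three frontend helper fixes above (rejecting protocol-relative targets, greedy app-root stripping, single-prefix URL emission) can be illustrated with a small stand-alone module. The code below is an added example, not Superset's `navigationUtils`, `pathUtils` or `SupersetClientClass`; the function names `isSafeRelativePath`, `stripAppRoot`, `prefixAppRoot` and `openInNewTab`, and the rule that only root-relative paths are accepted, are assumptions made for the example.

```javascript
// Added example (not the project's code): hardened subdirectory-deployment
// URL helpers. All names below are assumptions for illustration.

// Reject any target that could leave the current origin:
//  - a scheme prefix ("https://...", "mailto:...")
//  - a protocol-relative "//host" or the "/\host" form browsers normalise to "//"
//  - control characters, which some parsers strip before scheme detection
// Everything else must be root-relative so the router basename applies.
function isSafeRelativePath(target) {
  if (typeof target !== 'string' || target.length === 0) return false;
  if (/[\u0000-\u001F\u007F]/.test(target)) return false;   // control chars
  if (/^[a-z][a-z0-9+.\-]*:/i.test(target)) return false;   // has a scheme
  if (/^[\/\\]{2}/.test(target)) return false;              // "//evil.com", "/\evil.com"
  return target.startsWith('/');                            // root-relative only
}

// Greedily strip the app root at segment boundaries: "/superset/superset/x"
// becomes "/x" and a bare "/superset" becomes "/". A single strip would leave
// one stale prefix behind, which the router basename then doubles again.
// "/supersets/x" is untouched because the match must end at a "/" boundary.
function stripAppRoot(path, appRoot) {
  const root = (appRoot || '').replace(/\/+$/, '');
  if (!root) return path;
  let out = path;
  while (out === root || out.startsWith(root + '/')) {
    out = out.slice(root.length) || '/';
  }
  return out;
}

// Emit exactly one app-root prefix regardless of how many the caller passed.
function prefixAppRoot(endpoint, appRoot) {
  const root = (appRoot || '').replace(/\/+$/, '');
  const normalised = endpoint.startsWith('/') ? endpoint : '/' + endpoint;
  return root + stripAppRoot(normalised, root);
}

// Navigation sink that only opens validated same-origin paths. `win` is
// injectable so the helper can be exercised without a browser.
function openInNewTab(target, win = globalThis.window) {
  if (!isSafeRelativePath(target)) return false;
  if (win && typeof win.open === 'function') {
    win.open(target, '_blank', 'noopener,noreferrer');
  }
  return true;
}

// Constructed demonstration inputs.
const samples = ['//evil.com', '/\\evil.com', 'https://example.org', '/superset/welcome/'];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', isSafeRelativePath(s) ? 'allowed' : 'rejected');
}
console.log(stripAppRoot('/superset/superset/x', '/superset'));      // "/x"
console.log(prefixAppRoot('/superset/api/v1/chart/', '/superset/')); // single prefix
```

The `while` loop in `stripAppRoot` is the whole point of "greedy": an attacker-controlled or misconfigured upstream can present any number of stacked prefixes, and a one-shot `replace` leaves the second one in place for the basename logic to double.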