Be more defensive in redirect code (#11427)

* Be more defensive in redirect code Fixes #11338 * Try to add a test * Rename test
readthedocs · Jun 19, 2024 · 1216e99 · 1216e99
1 parent 44a7476
commit 1216e99
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 1 deletion.
diff --git a/common b/common
diff --git a/readthedocs/proxito/views/serve.py b/readthedocs/proxito/views/serve.py
@@ -122,6 +122,9 @@ def get(self, request, path):
         and if the project is marked as spam.
         """
         unresolved_domain = request.unresolved_domain
+        # Protect against bad requests to API hosts that don't set this attribute.
+        if not unresolved_domain:
+            raise Http404
         # Handle requests that need canonicalizing first,
         # e.g. HTTP -> HTTPS, redirect to canonical domain, etc.
         # We run this here to reduce work we need to do on easily cached responses.

diff --git a/readthedocs/rtd_tests/tests/test_footer.py b/readthedocs/rtd_tests/tests/test_footer.py
@@ -318,6 +318,12 @@ def test_not_built_versions(self):
         self.assertIn("/en/latest/", response.data["html"])
         self.assertNotIn("/en/2.0/", response.data["html"])
 
+    def test_invalid_footer_url(self):
+        # The built versions appears on the footer
+        self.url = reverse("footer_html") + "/invalid/url"
+        response = self.render()
+        self.assertEqual(response.status_code, 404)
+
 
 class TestFooterHTML(BaseTestFooterHTML, TestCase):
     pass