@alukach @seav Whoever gets this first, please review urgently. This is very critical.
Proposed changes in this pull request
Why I made this change
2007 introduced a critical bug on the project dashboard that resulted in requests to the async location endpoint being added recursively; causing the browser to crash eventually.
The reason is the query parameters are not formatted correctly when the exclude parameter is present; the resulting URL would look something like http://host/async/.../?exclude=123?page=2.
This, in turn, causes the API to return bad parameters for prev and next; something like http://host/async/.../?exclude=123?page=2?page=4, which the browser uses to send another request to that URL... You know where this is going.
Description of the change
Make sure that whenever we include the exclude query parameter, the URL is formatted correctly.
How someone else can test the change
Load the example project (using ./manage.py load fixtures --records=3000 and go to the London 2 project.
Switch on dev tools in your browser and watch the HTTP requests going out.
Open a location detail page. On master you should see requests constantly being added to the queue, which at some point will cause the browser to crash.
With these changes applied, the locations should load once.
When should this PR be merged
ASAP
Risks
None
Follow-up actions
None
Checklist (for reviewing)
General
Is this PR explained thoroughly? All code changes must be accounted for in the PR description.
[ ] Review 1
[ ] Review 2
Is the PR labeled correctly? It should have the migration label if a new migration is added.
[ ] Review 1
[ ] Review 2
Is the risk level assessment sufficient? The risks section should contain all risks that might be introduced with the PR and which actions we need to take to mitigate these risks. Possible risks are database migrations, new libraries that need to be installed or changes to deployment scripts.
[ ] Review 1
[ ] Review 2
Functionality
Are all requirements met? Compare implemented functionality with the requirements specification.
[ ] Review 1
[ ] Review 2
Does the UI work as expected? There should be no Javascript errors in the console; all resources should load. There should be no unexpected errors. Deliberately try to break the feature to find out if there are corner cases that are not handled.
[ ] Review 1
[ ] Review 2
Code
Do you fully understand the introduced changes to the code? If not ask for clarification, it might uncover ways to solve a problem in a more elegant and efficient way.
[ ] Review 1
[ ] Review 2
Does the PR introduce any inefficient database requests? Use the debug server to check for duplicate requests.
[ ] Review 1
[ ] Review 2
Are all necessary strings marked for translation? All strings that are exposed to users via the UI must be marked for translation.
[ ] Review 1
[ ] Review 2
Is the code documented sufficiently? Large and complex classes, functions or methods must be annotated with comments following our code-style guidelines.
[ ] Review 1
[ ] Review 2
Has the scalability of this change been evaluated?
[ ] Review 1
[ ] Review 2
Is there a maintenance plan in place?
[ ] Review 1
[ ] Review 2
Tests
Are there sufficient test cases? Ensure that all components are tested individually; models, forms, and serializers should be tested in isolation even if a test for a view covers these components.
[ ] Review 1
[ ] Review 2
If this is a bug fix, are tests for the issue in place? There must be a test case for the bug to ensure the issue won’t regress. Make sure that the tests break without the new code to fix the issue.
[ ] Review 1
[ ] Review 2
If this is a new feature or a significant change to an existing feature? has the manual testing spreadsheet been updated with instructions for manual testing?
[ ] Review 1
[ ] Review 2
Security
Confirm this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets.
[ ] Review 1
[ ] Review 2
Are all UI and API inputs run through forms or serializers?
[ ] Review 1
[ ] Review 2
Are all external inputs validated and sanitized appropriately?
[ ] Review 1
[ ] Review 2
Does all branching logic have a default case?
[ ] Review 1
[ ] Review 2
Does this solution handle outliers and edge cases gracefully?
[ ] Review 1
[ ] Review 2
Are all external communications secured and restricted to SSL?
[ ] Review 1
[ ] Review 2
Documentation
Are changes to the UI documented in the platform docs? If this PR introduces new platform site functionality or changes existing ones, the changes must be documented in the Cadasta Platform Documentation.
[ ] Review 1
[ ] Review 2
Are changes to the API documented in the API docs? If this PR introduces new API functionality or changes existing ones, the changes must be documented in the API docs.
[ ] Review 1
[ ] Review 2
Are reusable components documented? If this PR introduces components that are relevant to other developers (for instance a mixin for a view or a generic form) they should be documented in the Wiki.
@alukach @seav Whoever gets this first, please review urgently. This is very critical.
Proposed changes in this pull request
Why I made this change
2007 introduced a critical bug on the project dashboard that resulted in requests to the async location endpoint being added recursively; causing the browser to crash eventually.
The reason is the query parameters are not formatted correctly when the
excludeparameter is present; the resulting URL would look something likehttp://host/async/.../?exclude=123?page=2.This, in turn, causes the API to return bad parameters for
prevandnext; something likehttp://host/async/.../?exclude=123?page=2?page=4, which the browser uses to send another request to that URL... You know where this is going.Description of the change
Make sure that whenever we include the
excludequery parameter, the URL is formatted correctly.How someone else can test the change
Load the example project (using
./manage.py load fixtures --records=3000and go to the London 2 project.Switch on dev tools in your browser and watch the HTTP requests going out.
Open a location detail page. On
masteryou should see requests constantly being added to the queue, which at some point will cause the browser to crash.With these changes applied, the locations should load once.
When should this PR be merged
ASAP
Risks
None
Follow-up actions
None
Checklist (for reviewing)
General
Is this PR explained thoroughly? All code changes must be accounted for in the PR description.
Is the PR labeled correctly? It should have the
migrationlabel if a new migration is added.Is the risk level assessment sufficient? The risks section should contain all risks that might be introduced with the PR and which actions we need to take to mitigate these risks. Possible risks are database migrations, new libraries that need to be installed or changes to deployment scripts.
Functionality
Are all requirements met? Compare implemented functionality with the requirements specification.
Does the UI work as expected? There should be no Javascript errors in the console; all resources should load. There should be no unexpected errors. Deliberately try to break the feature to find out if there are corner cases that are not handled.
Code
Do you fully understand the introduced changes to the code? If not ask for clarification, it might uncover ways to solve a problem in a more elegant and efficient way.
Does the PR introduce any inefficient database requests? Use the debug server to check for duplicate requests.
Are all necessary strings marked for translation? All strings that are exposed to users via the UI must be marked for translation.
Is the code documented sufficiently? Large and complex classes, functions or methods must be annotated with comments following our code-style guidelines.
Has the scalability of this change been evaluated?
Is there a maintenance plan in place?
Tests
Are there sufficient test cases? Ensure that all components are tested individually; models, forms, and serializers should be tested in isolation even if a test for a view covers these components.
If this is a bug fix, are tests for the issue in place? There must be a test case for the bug to ensure the issue won’t regress. Make sure that the tests break without the new code to fix the issue.
If this is a new feature or a significant change to an existing feature? has the manual testing spreadsheet been updated with instructions for manual testing?
Security
Confirm this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets.
Are all UI and API inputs run through forms or serializers?
Are all external inputs validated and sanitized appropriately?
Does all branching logic have a default case?
Does this solution handle outliers and edge cases gracefully?
Are all external communications secured and restricted to SSL?
Documentation
Are changes to the UI documented in the platform docs? If this PR introduces new platform site functionality or changes existing ones, the changes must be documented in the Cadasta Platform Documentation.
Are changes to the API documented in the API docs? If this PR introduces new API functionality or changes existing ones, the changes must be documented in the API docs.
Are reusable components documented? If this PR introduces components that are relevant to other developers (for instance a mixin for a view or a generic form) they should be documented in the Wiki.