fix URL paths for proxy safety (#274)

* fix URL paths for proxy safety - update JS, HTML pages for proxied safety - attempts to fix issue #273 * fix small error for labeler / task redirect Co-authored-by: Eric Z <[email protected]>
HumanSignal · May 7, 2020 · 2a132ca · 2a132ca
1 parent 1638103
commit 2a132ca
Show file tree

Hide file tree

Showing 11 changed files with 42 additions and 42 deletions.
diff --git a/label_studio/static/js/lsb.js b/label_studio/static/js/lsb.js
@@ -5,12 +5,12 @@
  */
 
 const API_URL = {
-  MAIN: "/api",
+  MAIN: "api",
   TASKS: "/tasks",
   COMPLETIONS: "/completions",
   CANCEL: "/cancel",
   PROJECTS: "/projects",
-  NEXT: "/next",
+  NEXT: "/next/",
   EXPERT_INSRUCTIONS: "/expert_instruction",
 };
 
@@ -228,7 +228,7 @@ const LSB = function(elid, config, task) {
     onDeleteCompletion: function(ls, completion) {
       ls.setFlags({ isLoading: true });
 
-      const req = Requests.remover("/api/tasks/" + ls.task.id + "/completions/" + completion.pk + "/");
+      const req = Requests.remover(`${API_URL.MAIN}${API_URL.TASKS}/${ls.task.id}${API_URL.COMPLETIONS}/${completion.pk}/`);
       req.then(function(httpres) {
         ls.setFlags({ isLoading: false });
       });

diff --git a/label_studio/templates/base.html b/label_studio/templates/base.html
@@ -6,15 +6,15 @@
   <meta charset="utf-8"/>
 
   <link href="//fonts.googleapis.com/css?family=Dosis:500&amp;text=LabelStudio" rel="stylesheet" type="text/css">
-  <link rel="shortcut icon" href="/static/favicon.ico"/>
-  <link rel="stylesheet" href="/static/css/reset.css">
-  <link rel="stylesheet" href="/static/css/main.css?v2">
-  <link rel="stylesheet" href="/static/css/fontall.min.css">
-  <link rel="stylesheet" href="/static/semantic/semantic.min.css">
+  <link rel="shortcut icon" href="static/favicon.ico"/>
+  <link rel="stylesheet" href="static/css/reset.css">
+  <link rel="stylesheet" href="static/css/main.css?v2">
+  <link rel="stylesheet" href="static/css/fontall.min.css">
+  <link rel="stylesheet" href="static/semantic/semantic.min.css">
 
-  <script src="/static/js/jquery.min.js"></script>
-  <script src="/static/semantic/semantic.min.js"></script>
-  <script src="/static/js/helpers.js"></script>
+  <script src="static/js/jquery.min.js"></script>
+  <script src="static/semantic/semantic.min.js"></script>
+  <script src="static/js/helpers.js"></script>
 
   <!-- Editor CSS -->
   {% for css in editor_css %}
@@ -32,39 +32,39 @@
 
 <!-- Header -->
 <div id="header">
-  <a id="logo" href="/welcome">
-    <img src="/static/images/ls_logo.png" alt="label studio logo" class="img-logo">
+  <a id="logo" href="welcome">
+    <img src="static/images/ls_logo.png" alt="label studio logo" class="img-logo">
     <span class="img-text">{{ config['title'] }}</span>
   </a>
   <ul id="nav">
   &nbsp;
-    <a href="/" class="{% if url_for(request.endpoint) == '/' %}active{% endif %}">Labeling</a>
+    <a href="." class="{% if url_for(request.endpoint) == '/' %}active{% endif %}">Labeling</a>
     <span class="delim">|</span>
 
-    <a href="/tasks" class="{% if url_for(request.endpoint) == '/tasks' %}active{% endif %}">Tasks</a>
+    <a href="tasks" class="{% if url_for(request.endpoint) == '/tasks' %}active{% endif %}">Tasks</a>
     <span class="delim">|</span>
 
-    <a href="/import" class="{% if url_for(request.endpoint) == '/import' %}active{% endif %}">Import</a>
+    <a href="import" class="{% if url_for(request.endpoint) == '/import' %}active{% endif %}">Import</a>
     <span class="delim">|</span>
 
-    <a href="/export" class="{% if url_for(request.endpoint) == '/export' %}active{% endif %}">Export</a>
+    <a href="export" class="{% if url_for(request.endpoint) == '/export' %}active{% endif %}">Export</a>
     <span class="delim">|</span>
 
-    <a href="/model" class="{% if url_for(request.endpoint) == '/model' %}active{% endif %}">Model</a>
+    <a href="model" class="{% if url_for(request.endpoint) == '/model' %}active{% endif %}">Model</a>
     <span class="delim">|</span>
 
-    <a href="/setup" class="{% if url_for(request.endpoint) == '/setup' %}active{% endif %}">Setup</a>
+    <a href="setup" class="{% if url_for(request.endpoint) == '/setup' %}active{% endif %}">Setup</a>
     <span class="delim">|</span>
 
     <a href="https://labelstud.io/guide/" target="_blank">Docs</a>
     <span class="delim">|</span>
 
     <a href="https://github.com/heartexlabs/label-studio" target="_blank">
-      <img src="/static/images/github.svg" height="22"/></a>
+      <img src="static/images/github.svg" height="22"/></a>
 
     <a href="https://docs.google.com/forms/d/e/1FAIpQLSdLHZx5EeT1J350JPwnY2xLanfmvplJi6VZk65C2R4XSsRBHg/viewform?usp=sf_link"
        data-tooltip="If you have any troubles or suggestion just report us to Slack" data-position="bottom right"
-       target="_blank"><img src="/static/images/slack.png" height="22"/></a>
+       target="_blank"><img src="static/images/slack.png" height="22"/></a>
 
   </ul>
 </div>

diff --git a/label_studio/templates/export.html b/label_studio/templates/export.html
@@ -56,7 +56,7 @@
       <br>
       <br>
       <a class="ui button positive center"
-         onclick="downloadFile('/api/export?format=' + $('#export-format-dropdown').val())">
+         onclick="downloadFile('api/export?format=' + $('#export-format-dropdown').val())">
         Export Completions</a>
       <br>
 

diff --git a/label_studio/templates/labeling.html b/label_studio/templates/labeling.html
@@ -1,7 +1,7 @@
 {% extends 'base.html' %}
 {% block body %}
 
-<script src="/static/js/lsb.js"></script>
+<script src="static/js/lsb.js"></script>
 
 <!-- Editor -->
 <div class="content">

diff --git a/label_studio/templates/model.html b/label_studio/templates/model.html
@@ -147,7 +147,7 @@
       // stop upload wait
       function stop_wait(obj, success) {
           if (success) {
-              window.location = '/?task_id=' + obj[0];
+              window.location = '?task_id=' + obj[0];
           } else {
               alert(obj);
           }

diff --git a/label_studio/templates/render_ls.html b/label_studio/templates/render_ls.html
@@ -39,8 +39,8 @@
 </head>
 <body>
 
-<script src="/static/js/jquery.min.js"></script>
-<script src="/static/js/lsb.js"></script>
+<script src="static/js/jquery.min.js"></script>
+<script src="static/js/lsb.js"></script>
 
 <!-- Editor -->
 <div class="ui content">

diff --git a/label_studio/templates/setup.html b/label_studio/templates/setup.html
@@ -34,7 +34,7 @@
   <div class="ui wrapper">
     {% include 'setup_help.html' %}
 
-    <form action="/api/save-config" method="post" class="ui form">
+    <form action="api/save-config" method="post" class="ui form">
 
       <!-- Textarea & Preview in two cols -->
       <div class="ui two column grid zero-margin step2 stackable">
@@ -307,7 +307,7 @@ <h3>Output Completion Preview</h3>
     function show_render_editor(editor) {
       let config = labelEditor.getValue();
       $.ajax({
-        url: '/api/render-label-studio',
+        url: 'api/render-label-studio',
         method: 'POST',
         data: {config: config},
         success: editor_iframe,
@@ -320,7 +320,7 @@ <h3>Output Completion Preview</h3>
     // send request to server with configs to validate
     function validate_config(editor) {
       // get current scheme type from current editor
-      let url = '/api/validate-config';
+      let url = 'api/validate-config';
       var val = labelEditor.getValue();
 
       if (!val.length)
@@ -348,7 +348,7 @@ <h3>Output Completion Preview</h3>
 
       // load sample task
       $.post({
-        url: '/api/import-example',
+        url: 'api/import-example',
         data: {label_config: val}
       })
         .fail(o => {

diff --git a/label_studio/templates/setup_help.html b/label_studio/templates/setup_help.html
@@ -61,7 +61,7 @@
     let yes = confirm("You will lose ALL YOUR DATA, this action CAN'T BE UNDONE.\nAre you sure?");
     if (yes) {
       let request = new XMLHttpRequest();
-      request.open("POST", "/api/project/?new=true", true);
+      request.open("POST", "api/project/?new=true", true);
       request.onload = function () {
         window.location.reload();
       };

diff --git a/label_studio/templates/tasks.html b/label_studio/templates/tasks.html
@@ -35,10 +35,10 @@
 
         <div class="row">
           {% if task_ids|length > 0 %}
-            <a class="ui button positive" href="/">Start Labeling</a>
+            <a class="ui button positive" href=".">Start Labeling</a>
             <a id="clear-tasks-button" class="ui button red">Delete All Tasks</a>
           {% else %}
-            <a class="ui button positive" href="/import">Import Tasks</a>
+            <a class="ui button positive" href="import">Import Tasks</a>
           {% endif %}
         </div>
 
@@ -55,7 +55,7 @@
         {% for id in task_ids %}
           <tr>
             <td class="text-center">
-              <a href="/?task_id={{ id }}">
+              <a href=".?task_id={{ id }}">
                 <i class="fas fa-eye eye show-completion"></i>
               </a>
               &nbsp;
@@ -81,7 +81,7 @@
       test.addEventListener("click", function (event) {
         var id = event.target.dataset.taskId;
         var request = new XMLHttpRequest();
-        request.open("DELETE", "/api/tasks/" + id + "/completions/" + id + "/", true);
+        request.open("DELETE", "api/tasks/" + id + "/completions/" + id + "/", true);
         request.onload = function () {
           window.location.reload();
         };
@@ -94,7 +94,7 @@
         'You are going to delete all existing tasks.\nWarning! this operation cannot be undone.\nPlease confirm your action.');
       if (deletion_confirmed) {
         let request = new XMLHttpRequest();
-        request.open("DELETE", "/api/tasks/delete", true);
+        request.open("DELETE", "api/tasks/delete", true);
         request.onload = function () {
           window.location.reload();
         };

diff --git a/label_studio/templates/welcome.html b/label_studio/templates/welcome.html
@@ -107,7 +107,7 @@
           <div class="step">Step 1</div>
         </div>
         <div class="content">
-          <span class="header"><a href="/setup">Setup</a> your label config</span>
+          <span class="header"><a href="setup">Setup</a> your label config</span>
         </div>
       </div>
 
@@ -118,7 +118,7 @@
           <div class="step">Step 2</div>
         </div>
         <div class="content">
-          <span class="header"><a href="/import">Import</a> tasks to project</span>
+          <span class="header"><a href="import">Import</a> tasks to project</span>
         </div>
       </div>
 
@@ -129,7 +129,7 @@
           <div class="step">Step 3</div>
         </div>
         <div class="content">
-          <span class="header"><a href="/">Start</a> labeling tasks</span>
+          <span class="header"><a href=".">Start</a> labeling tasks</span>
         </div>
       </div>
 
@@ -140,7 +140,7 @@
           <div class="step">Step 4</div>
         </div>
         <div class="content">
-          <span class="header"><a href="/export">Export</a> completions</span>
+          <span class="header"><a href="export">Export</a> completions</span>
         </div>
       </div>
 

diff --git a/label_studio/utils/io.py b/label_studio/utils/io.py
@@ -50,8 +50,8 @@ def find_editor_files():
     """
     editor_js_dir = find_dir('static/editor/js')
     editor_css_dir = find_dir('static/editor/css')
-    editor_js = ['/static/editor/js/' + f for f in os.listdir(editor_js_dir) if f.endswith('.js')]
-    editor_css = ['/static/editor/css/' + f for f in os.listdir(editor_css_dir) if f.endswith('.css')]
+    editor_js = ['static/editor/js/' + f for f in os.listdir(editor_js_dir) if f.endswith('.js')]
+    editor_css = ['static/editor/css/' + f for f in os.listdir(editor_css_dir) if f.endswith('.css')]
     return {'editor_css': editor_css, 'editor_js': editor_js}