Skip to content

fix: standardize root path redirects#5329

Open
huahuajhu wants to merge 3 commits into
IBM:mainfrom
huahuajhu:huahuajhu/refactor-root-path-access
Open

fix: standardize root path redirects#5329
huahuajhu wants to merge 3 commits into
IBM:mainfrom
huahuajhu:huahuajhu/refactor-root-path-access

Conversation

@huahuajhu

@huahuajhu huahuajhu commented Jun 20, 2026

Copy link
Copy Markdown

Pull Request

🔗 Related Issue

Closes #1588


📝 Summary

This PR finishes the current-main root path cleanup for #1588:

  • routes SecurityHeadersMiddleware through the canonical resolve_root_path() helper instead of reading request.scope["root_path"] directly
  • guards root-path fallback values so patched or mocked settings without a string app_root_path do not crash request processing
  • normalizes admin dashboard redirects to /admin/ and /admin/#fragment, avoiding slash-normalization redirects for dashboard targets
  • normalizes SSO dashboard redirects to /admin/ and /admin/?team_id=...
  • updates focused admin, SSO, path utility, and security-header tests that assert these URL and fallback shapes

📏 Reviewability

  • This PR has one clear purpose
  • The linked issue is not labeled triage
  • Unrelated bugs or improvements are tracked in separate issues/PRs
  • Tests are included with the code they validate
  • If AI-assisted, I understand and can explain the generated changes

🏷️ Type of Change

  • Bug fix
  • Feature / Enhancement
  • Documentation
  • Refactor
  • Chore (deps, CI, tooling)
  • Other (describe below)

🧪 Verification

Check Command Status
Focused affected tests uv run --extra plugins pytest tests/unit/mcpgateway/routers/test_sso_router.py tests/unit/mcpgateway/middleware/test_security_headers_middleware.py tests/unit/mcpgateway/utils/test_paths.py tests/unit/mcpgateway/test_admin.py tests/unit/mcpgateway/test_admin_module.py -q ✅ Passed
Security/fuzz compatibility uv run --extra plugins pytest tests/security/test_security_middleware_comprehensive.py tests/fuzz/test_security_performance_compatibility.py -q ✅ Passed
Root-path doctests uv run --extra plugins pytest --doctest-modules mcpgateway/utils/paths.py mcpgateway/middleware/security_headers.py -q ✅ Passed
Formatting uv run black --target-version py311 --check mcpgateway/utils/paths.py mcpgateway/middleware/security_headers.py tests/unit/mcpgateway/utils/test_paths.py tests/unit/mcpgateway/middleware/test_security_headers_middleware.py ✅ Passed
Touched-file Ruff uv run ruff check mcpgateway/utils/paths.py mcpgateway/middleware/security_headers.py tests/unit/mcpgateway/utils/test_paths.py tests/unit/mcpgateway/middleware/test_security_headers_middleware.py ✅ Passed
Whitespace git diff --check ✅ Passed
Root-path direct reads and bare dashboard redirects `rg -n 'request.scope.get(["'"']root_path["'"'] resolve_root_path([^\n]*fallback=settings.app_root_path
Lint suite make lint Not run; see focused checks above
Full unit tests make test Not run; focused affected tests passed
Coverage ≥ 80% make coverage Not run

Note: direct file-level ruff check on large unrelated legacy files still reports pre-existing violations, so this PR verifies Ruff on the touched files and uses focused tests for the affected behavior. A direct Ruff run over the untouched fuzz compatibility file also reports pre-existing F811/PLW0717; the full fuzz compatibility tests pass.


✅ Checklist

  • Code formatted (black --check on touched files)
  • Tests added/updated for changes
  • Documentation updated (not applicable)
  • No secrets or credentials committed

Signed-off-by: Hua Hua <huahuajhu@gmail.com>
Copilot AI review requested due to automatic review settings June 20, 2026 05:26
@huahuajhu

Copy link
Copy Markdown
Author

Hi @crivetimihai, I opened this as a smaller current-main refresh for #1588 since #3875 is now stale/dirty. I kept the root-path behavior on the canonical resolve_root_path() helper rather than switching everything to settings.app_root_path directly, because your note on #3875 called out that scope-based root path handling is more ASGI-resilient. This PR removes the remaining direct root-path reads outside that helper and normalizes the remaining admin dashboard redirects to /admin/ / /admin/#fragment. Happy to adjust if you prefer this split differently.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR completes the root-path cleanup for #1588 by standardizing how root paths are resolved in middleware and by normalizing admin redirect URL shapes to avoid extra slash-normalization redirects, with unit tests updated accordingly.

Changes:

  • Route SecurityHeadersMiddleware root-path handling through the canonical resolve_root_path() helper.
  • Normalize admin redirects to /admin/ and /admin/#fragment (including root-path-prefixed variants) to avoid trailing-slash redirects.
  • Update focused admin and security-headers unit tests to assert the new redirect/header behaviors.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
mcpgateway/middleware/security_headers.py Switches root_path resolution to resolve_root_path() for consistent proxy/mounted behavior.
mcpgateway/admin.py Normalizes admin redirects to include /admin/ and /admin/#fragment to avoid extra redirects.
tests/unit/mcpgateway/middleware/test_security_headers_middleware.py Expands request builder and adds coverage for settings-based root_path fallback in CSP/cache exemption checks.
tests/unit/mcpgateway/test_admin.py Updates redirect assertions to match /admin/ and /admin/#fragment shapes.
tests/unit/mcpgateway/test_admin_module.py Updates admin redirect assertions and reformats monkeypatch lines for readability.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread mcpgateway/middleware/security_headers.py Outdated
Signed-off-by: Hua Hua <huahuajhu@gmail.com>
Signed-off-by: Hua Hua <huahuajhu@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[CHORE][REFACTOR]: Standardize root_path access pattern across codebase

2 participants