fix: standardize root path redirects#5329
Conversation
Signed-off-by: Hua Hua <huahuajhu@gmail.com>
|
Hi @crivetimihai, I opened this as a smaller current-main refresh for #1588 since #3875 is now stale/dirty. I kept the root-path behavior on the canonical |
There was a problem hiding this comment.
Pull request overview
This PR completes the root-path cleanup for #1588 by standardizing how root paths are resolved in middleware and by normalizing admin redirect URL shapes to avoid extra slash-normalization redirects, with unit tests updated accordingly.
Changes:
- Route
SecurityHeadersMiddlewareroot-path handling through the canonicalresolve_root_path()helper. - Normalize admin redirects to
/admin/and/admin/#fragment(including root-path-prefixed variants) to avoid trailing-slash redirects. - Update focused admin and security-headers unit tests to assert the new redirect/header behaviors.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
mcpgateway/middleware/security_headers.py |
Switches root_path resolution to resolve_root_path() for consistent proxy/mounted behavior. |
mcpgateway/admin.py |
Normalizes admin redirects to include /admin/ and /admin/#fragment to avoid extra redirects. |
tests/unit/mcpgateway/middleware/test_security_headers_middleware.py |
Expands request builder and adds coverage for settings-based root_path fallback in CSP/cache exemption checks. |
tests/unit/mcpgateway/test_admin.py |
Updates redirect assertions to match /admin/ and /admin/#fragment shapes. |
tests/unit/mcpgateway/test_admin_module.py |
Updates admin redirect assertions and reformats monkeypatch lines for readability. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Hua Hua <huahuajhu@gmail.com>
Signed-off-by: Hua Hua <huahuajhu@gmail.com>
Pull Request
🔗 Related Issue
Closes #1588
📝 Summary
This PR finishes the current-main root path cleanup for #1588:
SecurityHeadersMiddlewarethrough the canonicalresolve_root_path()helper instead of readingrequest.scope["root_path"]directlyapp_root_pathdo not crash request processing/admin/and/admin/#fragment, avoiding slash-normalization redirects for dashboard targets/admin/and/admin/?team_id=...📏 Reviewability
triage🏷️ Type of Change
🧪 Verification
uv run --extra plugins pytest tests/unit/mcpgateway/routers/test_sso_router.py tests/unit/mcpgateway/middleware/test_security_headers_middleware.py tests/unit/mcpgateway/utils/test_paths.py tests/unit/mcpgateway/test_admin.py tests/unit/mcpgateway/test_admin_module.py -quv run --extra plugins pytest tests/security/test_security_middleware_comprehensive.py tests/fuzz/test_security_performance_compatibility.py -quv run --extra plugins pytest --doctest-modules mcpgateway/utils/paths.py mcpgateway/middleware/security_headers.py -quv run black --target-version py311 --check mcpgateway/utils/paths.py mcpgateway/middleware/security_headers.py tests/unit/mcpgateway/utils/test_paths.py tests/unit/mcpgateway/middleware/test_security_headers_middleware.pyuv run ruff check mcpgateway/utils/paths.py mcpgateway/middleware/security_headers.py tests/unit/mcpgateway/utils/test_paths.py tests/unit/mcpgateway/middleware/test_security_headers_middleware.pygit diff --checkmake lintmake testmake coverageNote: direct file-level
ruff checkon large unrelated legacy files still reports pre-existing violations, so this PR verifies Ruff on the touched files and uses focused tests for the affected behavior. A direct Ruff run over the untouched fuzz compatibility file also reports pre-existingF811/PLW0717; the full fuzz compatibility tests pass.✅ Checklist
black --checkon touched files)