Related modal window includes the header.
fabiocaccamo opened this issue · comments
Python version
3.11
Django version
4.2.9
Package version
0.28.6
Current behavior (bug description)
When opening a custom modal window (just adding _popup=1 suffix to the url), the resulting modal window content includes the admin site header.
Expected behavior
The resulting modal window content must not include the admin site header.
Upvote & Fund
- We're using Polar.sh so you can upvote and help fund this issue.
- We receive the funding once the issue is completed & confirmed by you.
- Thank you in advance for helping prioritize & fund our backlog.
Investigating what is happening
Clicking the link, the url is loaded in the modal window:
https://mysite.com/admin/myapp/mymodel/?_popup=1&_modal=347257
It returns a 302 and then the final url becomes:
https://mysite.com/admin/myapp/mymodel/?e=1
The problem is that django, for security reasons filters out unexpected query-string parameters, and in this case the _modal parameter gets appended here just for app specific needs (only if it's not a lookup):
https://github.com/fabiocaccamo/django-admin-interface/blob/main/admin_interface/static/admin_interface/related-modal/related-modal.js#L60
This behavior, although very useful, is also very limiting in case you want to load custom pages in modal windows and use custom query-string parameters for specific needs.
@merwok do you have any ideas on how this problem could be solved/avoided?
Not sure I understand the comment in related-modal.js
«Browsers stop loading nested iframes with same src» (same as origin page I suppose?) – but why would they be the same? The main page does not have ?_popup=1.
@merwok I don't remember well the nested modals open on the same url issue.
Btw, the problem is that if there are custom query-string params it doesn't work correctly.