Skip to content

fix: serve favicon.ico and robots.txt from WHITENOISE_ROOT #1397

Open
paulschreiber wants to merge 5 commits into
developfrom
fix/favicon
Open

fix: serve favicon.ico and robots.txt from WHITENOISE_ROOT #1397
paulschreiber wants to merge 5 commits into
developfrom
fix/favicon

Conversation

@paulschreiber

@paulschreiber paulschreiber commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Description

Serve favicon.ico and robots.txt from WHITENOISE_ROOT .

Remove old template view for robots.txt

Partially addresses https://github.com/freedomofpress/fpf-www-projects/issues/581

Changes proposed in this pull request:

Type of change

  • Bug fix
  • New feature
  • Vulnerabilities update
  • Config changes
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires an admin update after deploy
  • Includes a database migration removing or renaming a field

@paulschreiber paulschreiber changed the title fix: serve favicon.ico from WHITENOISE_ROOT fix: serve favicon.ico and robots.txt from WHITENOISE_ROOT Jul 2, 2026
@paulschreiber paulschreiber marked this pull request as ready for review July 2, 2026 20:34
@paulschreiber paulschreiber requested review from a team as code owners July 2, 2026 20:34
STORAGES["staticfiles"] = {
"BACKEND": "whitenoise.storage.CompressedManifestStaticFilesStorage",
}
WHITENOISE_ROOT = os.path.join(BASE_DIR, "securedrop", "static")

@harrislapiroff harrislapiroff Jul 6, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ack, I hate to be so nitpicky about this multiple times, but I think this isn't the right solution either for two reasons:

  1. The result of this is that our javascript files in that directory will now also be served at the root (so piwik.js will be available at https://securedrop.org/static/js/piwik.js and https://securedrop.org/js/piwik.js and, while I can't think offhand of any problems that would cause, it's at least weird. (It would cause a problem if someone added a folder name that collided with a page URL, e.g., if someone added static files relating to the directory to /securedrop/static/directory/ that would cause the directory at https://securedrop.org/directory/ to stop working in a way that might confuse a future dev. This is a bit contrived, since that probably isn't where they would add such files.)
  2. More importantly I think this directory structure kinda muddies the distinction between the files we want to serve at the root and the ones we want to serve under /static/ which could be potentially confusing to a future developer more distant from this change.

I'd suggest either:

  1. Move favicon and robots to /securedrop/static/root/ and make this WHITENOISE_ROOT = os.path.join(BASE_DIR, "securedrop", "static", "root"). The root files will still end up getting served twice, but at least the intention will be clear—and polluting the /static/ namespace is less high-stakes than polluting the root of the site.
  2. Create a separate directory at /root_static/ or similar and put the files in there and change this to WHITENOISE_ROOT = os.path.join(BASE_DIR, "root_static"). I prefer this solution for minimal ambiguity, but I'm not wedded to it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants