django.core.exceptions.SuspiciousFileOperation: The joined path (C:\) is located outside of the base path component #2057
Comments
|
Can you post the value of your staticfiles settings?
|
|
sure!
here you are:
ALLOWED_HOSTS = ['*']
AUTH_PASSWORD_VALIDATORS = [{'NAME':
'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'},
{'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator'},
{'NAME':
'django.contrib.auth.password_validation.CommonPasswordValidator'},
{'NAME':
'django.contrib.auth.password_validation.NumericPasswordValidator'}]
BASE_DIR = WindowsPath('C:/Users/xxx/Documents/yyy') ###
BASE_URL = 'http://127.0.0.1:8000' ###
CACHE_CONTROL = 'no-store' ###
DATABASES = {'default': {'ENGINE': 'django.db.backends.sqlite3', 'NAME':
WindowsPath('C:/Users/xxx/Documents/yyy/db.sqlite3'), 'ATOMIC_REQUESTS':
False, 'AUTOCOMMIT': True, 'CONN_MAX_AGE': 0, 'CONN_HEALTH_CHECKS': False,
'OPTIONS': {}, 'TIME_ZONE': None, 'USER': '', 'PASSWORD': '', 'HOST': '',
'PORT': '', 'TEST': {'CHARSET': None, 'COLLATION': None, 'MIGRATE': True,
'MIRROR': None, 'NAME': None}}}
DEBUG = True
DECIMAL_SEPARATOR = ','
DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
ENVIRONMENT = 'local' ###
INSTALLED_APPS = ['debug_toolbar', 'admin_interface', 'colorfield',
'django.contrib.admin', 'django.contrib.auth',
'django.contrib.contenttypes', 'django.contrib.sessions',
'django.contrib.messages', 'django.contrib.staticfiles',
'phonenumber_field', 'apps.dashboard', 'apps.pages', 'apps.persone',
'apps.clienti', 'apps.offerte', 'apps.commesse', 'apps.sottocommesse',
'apps.tasks', 'apps.rapportini', 'auth.apps.AuthConfig']
INTERNAL_IPS = ['127.0.0.1']
LANGUAGES = [('en', 'Inglese'), ('it', 'Italiano')]
LANGUAGE_CODE = 'it'
LOCALE_PATHS = [WindowsPath('C:/Users/xxx/Documents/yyy/locale')]
LOGIN_REDIRECT_URL = 'home'
LOGIN_URL = 'login'
LOGOUT_REDIRECT_URL = 'login'
MEDIA_ROOT = WindowsPath('C:/Users/xxx/Documents/yyy/media')
MEDIA_URL = '/media/'
MIDDLEWARE = ['debug_toolbar.middleware.DebugToolbarMiddleware',
'django.middleware.security.SecurityMiddleware',
'whitenoise.middleware.WhiteNoiseMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.locale.LocaleMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django_user_agents.middleware.UserAgentMiddleware']
NUMBER_GROUPING = 3
PHONENUMBER_DEFAULT_FORMAT = 'NATIONAL' ###
PHONENUMBER_DEFAULT_REGION = 'IT' ###
ROOT_URLCONF = 'config.urls' ###
SECRET_KEY = 'secret'
SETTINGS_MODULE = 'config.settings' ###
STATICFILES_DIRS = [('',
WindowsPath('C:/Users/xxx/Documents/yyy/src/assets'))]
STATIC_ROOT = 'C:\\Users\\xxx\\Documents\\yyy\\staticfiles'
STATIC_URL = '/static/'
TEMPLATES = [{'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [WindowsPath('C:/Users/xxx/Documents/yyy/templates')], 'APP_DIRS':
True, 'OPTIONS': {'context_processors':
['django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
'config.context_processors.language_code',
'config.context_processors.my_setting',
'config.context_processors.get_cookie',
'config.context_processors.environment'], 'libraries': {'theme':
'web_project.template_tags.theme'}, 'builtins':
['django.templatetags.static', 'web_project.template_tags.theme']}}]
THOUSAND_SEPARATOR = '.'
TIME_ZONE = 'UTC'
USER_AGENTS_CACHE = 'default' ###
USE_L10N = True ###
USE_THOUSAND_SEPARATOR = True
WSGI_APPLICATION = 'config.wsgi.application'
Settings.py
STATIC_URL = "/static/"
STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')
# Media files (Uploads)
MEDIA_URL = '/media/'
MEDIA_ROOT = BASE_DIR / 'media'
STATICFILES_DIRS = [
('', BASE_DIR / 'src' / 'assets'),
]
Il giorno mar 14 gen 2025 alle ore 09:54 Matthias Kestenholz <
***@***.***> ha scritto:
… Can you post the value of your staticfiles settings? STATIC_ROOT,
STATIC_URL etc?
./manage.py diffsettings may help with that.
—
Reply to this email directly, view it on GitHub
<#2057 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AF573J36SQSPKCNDSED5PEL2KTGDNAVCNFSM6AAAAABVEK2ZDOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKOBZGM2TAMZZGY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
I may not understand things properly, but this: STATICFILES_DIRS = [
('', BASE_DIR / 'src' / 'assets'),
]seems suspect. It looks like that's used to declare a prefix, but I wonder what happens when it's an empty string. Maybe that's the problem? What happens if that is |
|
I made that change because, along with this modification to your file
\.venv\Lib\site-packages\django\utils\_os.py:
if paths and paths[0] == '/':
paths = ('',) + paths[1:]
I solved the problem.
Il giorno mar 14 gen 2025 alle ore 17:00 Tim Schilling <
***@***.***> ha scritto:
… I may not understand things properly, but this:
STATICFILES_DIRS = [
('', BASE_DIR / 'src' / 'assets'),
]
seems suspect. It looks like that's used to declare a prefix
<https://docs.djangoproject.com/en/5.1/ref/settings/#prefixes-optional>,
but I wonder what happens when it's an empty string. Maybe that's the
problem?
What happens if that is ('something', BASE_DIR / 'src' / 'assets') does
it still error?
—
Reply to this email directly, view it on GitHub
<#2057 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AF573JYG4IDT6O2WLEQGIUL2KUYCJAVCNFSM6AAAAABVEK2ZDOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKOJQGMZTKOBYGY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
It sounds like we can close this? |
|
I solved it by modifying your source, and I thought I'd suggest the problem
to you...
if you want you can close but for me without this "patch" the static file
report button not work
Il Mar 14 Gen 2025, 21:19 Tim Schilling ***@***.***> ha
scritto:
… It sounds like we can close this?
—
Reply to this email directly, view it on GitHub
<#2057 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AF573J5M3YLF7CTZHCYSBIT2KVWM7AVCNFSM6AAAAABVEK2ZDOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKOJRGAZDIOJWGY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
If you're referring to venv\Lib\site-packages\django\utils_os.py that's not a toolbar file, it's a django one. |
|
Ooops...
I'm very sorry, my Apologies. So probably this is a django bug.
Thank you very much
Il giorno mer 15 gen 2025 alle ore 12:02 Tim Schilling <
***@***.***> ha scritto:
… If you're referring to venv\Lib\site-packages\django\utils_os.py that's
not a toolbar file, it's a django one.
—
Reply to this email directly, view it on GitHub
<#2057 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AF573J7ZZBPPNUTL36EW2MD2KY52TAVCNFSM6AAAAABVEK2ZDOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKOJSGM2DOMBTG4>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug Description
On Windows systems, the Static Files panel fails when trying to resolve static files paths.
The issue occurs because the toolbar tries to resolve paths starting with '/', which on Windows
gets interpreted as 'C:', triggering Django's SuspiciousFileOperation protection.
Environment
Stack Trace
====== Safe Join Debug ======
Base path: C:\Users\xxxxxx\Documents\xxxxxx\src\assets
Final path: C:
Paths to join: ('/',)
normcase(final_path): c:
normcase(base_path + sep): c:\users\xxxxx\documents\xxxxxx\src\assets
dirname(normcase(base_path)): c:\users\xxxxxx\documents\xxxxxx\src
Proposed Fix
Modified
safe_jointo handle root paths on Windows by replacing '/' with '' as the first path element.The text was updated successfully, but these errors were encountered: