fix(labrinth): proper page view ingest URL origin filtering #4344
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
While testing the changes from #4343, I noticed that local environment deployments failed to update project view analytics in Clickhouse at the request of a local frontend server, always returning an HTTP 400 error with an
invalid page view URL specified!
message.Looking into the cause, I found that the analytics ingestion code relied on a list of allowed origins defined in the
CORS_ALLOWED_ORIGINS
environment variable for view URL filtering. However, this variable is not defined in any.env
template in the repository, nor in any staging or production environment as far as I can tell. It's also not validated during Labrinth startup in thecheck_env_vars
function. The only reason views were counted in production was due to special-case code that allowed subdomains ofmodrinth.com
as origins, an inelegant workaround that is inconsistent with the existing CORS filtering, which already happens at a higher layer and is configured through theANALYTICS_ALLOWED_ORIGINS
variable.To resolve this, the PR removes the invalid reference to
CORS_ALLOWED_ORIGINS
, making the filter code use the intendedANALYTICS_ALLOWED_ORIGINS
variable instead. This ensures views are counted in all deployments and eliminates recurring request error logs whenever a project is opened in Labrinth under these environments.