Closes #21468: copy_safe_request() should retain non-sensitive HTTP request headers

.github/workflows/claude-code-review.yml

@@ -3,14 +3,20 @@ name: Claude Code Review
 on:
   pull_request:
     types: [opened, synchronize, ready_for_review, reopened]
+    # Optional: Only run on specific file changes
+    # paths:
+    #   - "src/**/*.ts"
+    #   - "src/**/*.tsx"
+    #   - "src/**/*.js"
+    #   - "src/**/*.jsx"
 
 jobs:
   claude-review:
-    # Only run for PRs submitted by organization members or owners
-    if: |
-      github.repository == 'netbox-community/netbox' &&
-      (github.event.pull_request.author_association == 'MEMBER' ||
-      github.event.pull_request.author_association == 'OWNER')
+    # Optional: Filter by PR author
+    # if: |
+    #   github.event.pull_request.user.login == 'external-contributor' ||
+    #   github.event.pull_request.user.login == 'new-developer' ||
+    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
 
     runs-on: ubuntu-latest
     permissions:
@@ -27,7 +33,7 @@ jobs:
 
       - name: Run Claude Code Review
         id: claude-review
-        uses: anthropics/claude-code-action@e763fe78de2db7389e04818a00b5ff8ba13d1360 # v1
+        uses: anthropics/claude-code-action@v1
         with:
           claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
           plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
@@ -35,3 +41,4 @@ jobs:
           prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
           # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
           # or https://code.claude.com/docs/en/cli-reference for available options
+

netbox/dcim/ui/panels.py

@@ -137,12 +137,6 @@ class DeviceDimensionsPanel(panels.ObjectAttributesPanel):
     total_weight = attrs.TemplatedAttr('total_weight', template_name='dcim/device/attrs/total_weight.html')
 
 
-class DeviceRolePanel(panels.NestedGroupObjectPanel):
-    color = attrs.ColorAttr('color')
-    vm_role = attrs.BooleanAttr('vm_role', label=_('VM role'))
-    config_template = attrs.RelatedObjectAttr('config_template', linkify=True)
-
-
 class DeviceTypePanel(panels.ObjectAttributesPanel):
     manufacturer = attrs.RelatedObjectAttr('manufacturer', linkify=True)
     model = attrs.TextAttr('model')
@@ -159,36 +153,11 @@ class DeviceTypePanel(panels.ObjectAttributesPanel):
     rear_image = attrs.ImageAttr('rear_image')
 
 
-class ModulePanel(panels.ObjectAttributesPanel):
-    device = attrs.RelatedObjectAttr('device', linkify=True)
-    device_type = attrs.RelatedObjectAttr('device.device_type', linkify=True, grouped_by='manufacturer')
-    module_bay = attrs.NestedObjectAttr('module_bay', linkify=True)
-    status = attrs.ChoiceAttr('status')
-    description = attrs.TextAttr('description')
-    serial = attrs.TextAttr('serial', label=_('Serial number'), style='font-monospace', copy_button=True)
-    asset_tag = attrs.TextAttr('asset_tag', style='font-monospace', copy_button=True)
-
-
 class ModuleTypeProfilePanel(panels.ObjectAttributesPanel):
     name = attrs.TextAttr('name')
     description = attrs.TextAttr('description')
 
 
-class ModuleTypePanel(panels.ObjectAttributesPanel):
-    profile = attrs.RelatedObjectAttr('profile', linkify=True)
-    manufacturer = attrs.RelatedObjectAttr('manufacturer', linkify=True)
-    model = attrs.TextAttr('model', label=_('Model name'))
-    part_number = attrs.TextAttr('part_number')
-    description = attrs.TextAttr('description')
-    airflow = attrs.ChoiceAttr('airflow')
-    weight = attrs.NumericAttr('weight', unit_accessor='get_weight_unit_display')
-
-
-class PlatformPanel(panels.NestedGroupObjectPanel):
-    manufacturer = attrs.RelatedObjectAttr('manufacturer', linkify=True)
-    config_template = attrs.RelatedObjectAttr('config_template', linkify=True)
-
-
 class VirtualChassisMembersPanel(panels.ObjectPanel):
     """
     A panel which lists all members of a virtual chassis.

netbox/dcim/views.py

@@ -25,7 +25,6 @@ from netbox.ui.panels import (
     NestedGroupObjectPanel,
     ObjectsTablePanel,
     OrganizationalObjectPanel,
-    Panel,
     RelatedObjectsPanel,
     TemplatePanel,
 )
@@ -1668,22 +1667,6 @@ class ModuleTypeListView(generic.ObjectListView):
 @register_model_view(ModuleType)
 class ModuleTypeView(GetRelatedModelsMixin, generic.ObjectView):
     queryset = ModuleType.objects.all()
-    layout = layout.SimpleLayout(
-        left_panels=[
-            panels.ModuleTypePanel(),
-            TagsPanel(),
-            CommentsPanel(),
-        ],
-        right_panels=[
-            Panel(
-                title=_('Attributes'),
-                template_name='dcim/panels/module_type_attributes.html',
-            ),
-            RelatedObjectsPanel(),
-            CustomFieldsPanel(),
-            ImageAttachmentsPanel(),
-        ],
-    )
 
     def get_extra_context(self, request, instance):
         return {
@@ -2323,27 +2306,6 @@ class DeviceRoleListView(generic.ObjectListView):
 @register_model_view(DeviceRole)
 class DeviceRoleView(GetRelatedModelsMixin, generic.ObjectView):
     queryset = DeviceRole.objects.all()
-    layout = layout.SimpleLayout(
-        left_panels=[
-            panels.DeviceRolePanel(),
-            TagsPanel(),
-        ],
-        right_panels=[
-            RelatedObjectsPanel(),
-            CustomFieldsPanel(),
-            CommentsPanel(),
-        ],
-        bottom_panels=[
-            ObjectsTablePanel(
-                model='dcim.DeviceRole',
-                title=_('Child Device Roles'),
-                filters={'parent_id': lambda ctx: ctx['object'].pk},
-                actions=[
-                    actions.AddObject('dcim.DeviceRole', url_params={'parent': lambda ctx: ctx['object'].pk}),
-                ],
-            ),
-        ]
-    )
 
     def get_extra_context(self, request, instance):
         return {
@@ -2423,27 +2385,6 @@ class PlatformListView(generic.ObjectListView):
 @register_model_view(Platform)
 class PlatformView(GetRelatedModelsMixin, generic.ObjectView):
     queryset = Platform.objects.all()
-    layout = layout.SimpleLayout(
-        left_panels=[
-            panels.PlatformPanel(),
-            TagsPanel(),
-        ],
-        right_panels=[
-            RelatedObjectsPanel(),
-            CustomFieldsPanel(),
-            CommentsPanel(),
-        ],
-        bottom_panels=[
-            ObjectsTablePanel(
-                model='dcim.Platform',
-                title=_('Child Platforms'),
-                filters={'parent_id': lambda ctx: ctx['object'].pk},
-                actions=[
-                    actions.AddObject('dcim.Platform', url_params={'parent': lambda ctx: ctx['object'].pk}),
-                ],
-            ),
-        ]
-    )
 
     def get_extra_context(self, request, instance):
         return {
@@ -2837,21 +2778,6 @@ class ModuleListView(generic.ObjectListView):
 @register_model_view(Module)
 class ModuleView(GetRelatedModelsMixin, generic.ObjectView):
     queryset = Module.objects.all()
-    layout = layout.SimpleLayout(
-        left_panels=[
-            panels.ModulePanel(),
-            TagsPanel(),
-            CommentsPanel(),
-        ],
-        right_panels=[
-            Panel(
-                title=_('Module Type'),
-                template_name='dcim/panels/module_type.html',
-            ),
-            RelatedObjectsPanel(),
-            CustomFieldsPanel(),
-        ],
-    )
 
     def get_extra_context(self, request, instance):
         return {

netbox/extras/managers.py

@@ -1,65 +0,0 @@
-from django.db import router
-from django.db.models import signals
-from taggit.managers import _TaggableManager
-
-__all__ = (
-    'NetBoxTaggableManager',
-)
-
-
-class NetBoxTaggableManager(_TaggableManager):
-    """
-    Extends taggit's _TaggableManager to replace the per-tag get_or_create loop in add() with a
-    single bulk_create() call, reducing SQL queries from O(N) to O(1) when assigning tags.
-    """
-
-    def add(self, *tags, through_defaults=None, tag_kwargs=None, **kwargs):
-        self._remove_prefetched_objects()
-        if tag_kwargs is None:
-            tag_kwargs = {}
-
-        tag_objs = self._to_tag_model_instances(tags, tag_kwargs)
-        new_ids = {t.pk for t in tag_objs}
-
-        # Determine which tags are not already assigned to this object
-        db = router.db_for_write(self.through, instance=self.instance)
-        vals = set(
-            self.through._default_manager.using(db)
-            .values_list("tag_id", flat=True)
-            .filter(**self._lookup_kwargs())
-        )
-        new_ids -= vals
-
-        if not new_ids:
-            return
-
-        signals.m2m_changed.send(
-            sender=self.through,
-            action="pre_add",
-            instance=self.instance,
-            reverse=False,
-            model=self.through.tag_model(),
-            pk_set=new_ids,
-            using=db,
-        )
-
-        # Use a single bulk INSERT instead of one get_or_create per tag.
-        lookup = self._lookup_kwargs()
-        self.through._default_manager.using(db).bulk_create(
-            [
-                self.through(tag=tag, **lookup, **(through_defaults or {}))
-                for tag in tag_objs
-                if tag.pk in new_ids
-            ],
-            ignore_conflicts=True,
-        )
-
-        signals.m2m_changed.send(
-            sender=self.through,
-            action="post_add",
-            instance=self.instance,
-            reverse=False,
-            model=self.through.tag_model(),
-            pk_set=new_ids,
-            using=db,
-        )

netbox/netbox/api/serializers/features.py

@@ -53,11 +53,8 @@ class TaggableModelSerializer(serializers.Serializer):
 
     def _save_tags(self, instance, tags):
         if tags:
-            # Cache tags on instance so serialize_object() can reuse them without a DB query
-            instance._tags = tags
             instance.tags.set([t.name for t in tags])
         else:
-            instance._tags = []
             instance.tags.clear()
 
         return instance

netbox/netbox/graphql/filter_lookups.py

@@ -79,9 +79,6 @@ class IntegerLookup:
         if not filters:
             return queryset, Q()
 
-        if isinstance(filters, RangeLookup):
-            prefix = f'{prefix}range__'
-
         return process_filters(filters=filters, queryset=queryset, info=info, prefix=prefix)
 
 
@@ -105,9 +102,6 @@ class BigIntegerLookup:
         if not filters:
             return queryset, Q()
 
-        if isinstance(filters, RangeLookup):
-            prefix = f'{prefix}range__'
-
         return process_filters(filters=filters, queryset=queryset, info=info, prefix=prefix)
 
 
@@ -131,9 +125,6 @@ class FloatLookup:
         if not filters:
             return queryset, Q()
 
-        if isinstance(filters, RangeLookup):
-            prefix = f'{prefix}range__'
-
         return process_filters(filters=filters, queryset=queryset, info=info, prefix=prefix)
 
 

netbox/netbox/models/features.py

@@ -15,7 +15,6 @@ from core.choices import JobStatusChoices, ObjectChangeActionChoices
 from core.models import ObjectType
 from extras.choices import *
 from extras.constants import CUSTOMFIELD_EMPTY_VALUES
-from extras.managers import NetBoxTaggableManager
 from extras.utils import is_taggable
 from netbox.config import get_config
 from netbox.constants import CORE_APPS
@@ -488,12 +487,11 @@ class JournalingMixin(models.Model):
 class TagsMixin(models.Model):
     """
     Enables support for tag assignment. Assigned tags can be managed via the `tags` attribute,
-    which is a `NetBoxTaggableManager` instance.
+    which is a `TaggableManager` instance.
     """
     tags = TaggableManager(
         through='extras.TaggedItem',
         ordering=('weight', 'name'),
-        manager=NetBoxTaggableManager,
     )
 
     class Meta:

netbox/netbox/tests/test_graphql.py

@@ -5,7 +5,7 @@ from django.urls import reverse
 from rest_framework import status
 
 from dcim.choices import LocationStatusChoices
-from dcim.models import Device, DeviceRole, DeviceType, Location, Manufacturer, Site, VirtualChassis
+from dcim.models import Location, Site
 from utilities.testing import APITestCase, TestCase, disable_warnings
 
 
@@ -138,40 +138,6 @@ class GraphQLAPITestCase(APITestCase):
         self.assertNotIn('errors', data)
         self.assertEqual(len(data['data']['site']['locations']), 0)
 
-    def test_graphql_integer_range_lookup(self):
-        """
-        Test that range_lookup works for integer fields (e.g. vc_position). Regression test for #20468.
-        """
-        self.add_permissions('dcim.view_device')
-        url = reverse('graphql')
-
-        manufacturer = Manufacturer.objects.create(name='Test Manufacturer', slug='test-manufacturer')
-        device_type = DeviceType.objects.create(manufacturer=manufacturer, model='Test Device', slug='test-device')
-        device_role = DeviceRole.objects.create(name='Test Role', slug='test-role')
-        site = Site.objects.first()
-        vc = VirtualChassis.objects.create(name='Test VC')
-
-        devices = [
-            Device(name=f'Device {i}', device_type=device_type, role=device_role, site=site,
-                   virtual_chassis=vc, vc_position=i)
-            for i in range(1, 6)
-        ]
-        Device.objects.bulk_create(devices)
-
-        # range_lookup should return devices with vc_position between 2 and 4 inclusive
-        query = """
-        {
-            device_list(filters: {vc_position: {range_lookup: {start: 2, end: 4}}}) {
-                id name
-            }
-        }
-        """
-        response = self.client.post(url, data={'query': query}, format="json", **self.header)
-        self.assertHttpStatus(response, status.HTTP_200_OK)
-        data = json.loads(response.content)
-        self.assertNotIn('errors', data)
-        self.assertEqual(len(data['data']['device_list']), 3)
-
     def test_offset_pagination(self):
         self.add_permissions('dcim.view_site')
         url = reverse('graphql')

netbox/netbox/ui/panels.py

@@ -44,18 +44,15 @@ class Panel:
     Parameters:
         title (str): The human-friendly title of the panel
         actions (list): An iterable of PanelActions to include in the panel header
-        template_name (str): Overrides the default template name, if defined
     """
     template_name = None
     title = None
     actions = None
 
-    def __init__(self, title=None, actions=None, template_name=None):
+    def __init__(self, title=None, actions=None):
         if title is not None:
             self.title = title
         self.actions = actions or self.actions or []
-        if template_name is not None:
-            self.template_name = template_name
 
     def get_context(self, context):
         """
@@ -320,8 +317,9 @@ class TemplatePanel(Panel):
     Parameters:
         template_name (str): The name of the template to render
     """
-    def __init__(self, template_name):
-        super().__init__(template_name=template_name)
+    def __init__(self, template_name, **kwargs):
+        super().__init__(**kwargs)
+        self.template_name = template_name
 
     def render(self, context):
         # Pass the entire context to the template

netbox/templates/dcim/devicerole.html

@@ -15,3 +15,67 @@
     </a>
   {% endif %}
 {% endblock extra_controls %}
+
+{% block content %}
+<div class="row mb-3">
+	<div class="col col-12 col-md-6">
+    <div class="card">
+      <h2 class="card-header">{% trans "Device Role" %}</h2>
+      <table class="table table-hover attr-table">
+        <tr>
+          <th scope="row">{% trans "Name" %}</th>
+          <td>{{ object.name }}</td>
+        </tr>
+        <tr>
+          <th scope="row">{% trans "Description" %}</th>
+          <td>{{ object.description|placeholder }}</td>
+        </tr>
+        <tr>
+          <th scope="row">{% trans "Parent" %}</th>
+          <td>{{ object.parent|linkify|placeholder }}</td>
+        </tr>
+        <tr>
+          <th scope="row">{% trans "Color" %}</th>
+          <td>
+            <span class="badge color-label" style="background-color: #{{ object.color }}">&nbsp;</span>
+          </td>
+        </tr>
+        <tr>
+          <th scope="row">{% trans "VM Role" %}</th>
+          <td>{% checkmark object.vm_role %}</td>
+        </tr>
+        <tr>
+          <th scope="row">{% trans "Config Template" %}</th>
+          <td>{{ object.config_template|linkify|placeholder }}</td>
+        </tr>
+      </table>
+    </div>
+    {% include 'inc/panels/tags.html' %}
+    {% plugin_left_page object %}
+	</div>
+	<div class="col col-12 col-md-6">
+    {% include 'inc/panels/related_objects.html' %}
+    {% include 'inc/panels/custom_fields.html' %}
+    {% include 'inc/panels/comments.html' %}
+    {% plugin_right_page object %}
+  </div>
+</div>
+<div class="row mb-3">
+	<div class="col col-md-12">
+    <div class="card">
+      <h2 class="card-header">
+        {% trans "Child Device Roles" %}
+        {% if perms.dcim.add_devicerole %}
+          <div class="card-actions">
+            <a href="{% url 'dcim:devicerole_add' %}?parent={{ object.pk }}&return_url={{ object.get_absolute_url }}" class="btn btn-ghost-primary btn-sm">
+              <i class="mdi mdi-plus-thick" aria-hidden="true"></i> {% trans "Add a Device Role" %}
+            </a>
+          </div>
+        {% endif %}
+      </h2>
+      {% htmx_table 'dcim:devicerole_list' parent_id=object.pk %}
+    </div>
+    {% plugin_full_width_page object %}
+  </div>
+</div>
+{% endblock %}

netbox/templates/dcim/module.html

@@ -46,3 +46,75 @@
     </div>
   {% endif %}
 {% endblock %}
+
+{% block content %}
+<div class="row">
+	<div class="col col-12 col-md-6">
+    <div class="card">
+      <h2 class="card-header">{% trans "Module" %}</h2>
+      <table class="table table-hover attr-table">
+        <tr>
+          <th scope="row">{% trans "Device" %}</th>
+          <td>{{ object.device|linkify }}</td>
+        </tr>
+        <tr>
+          <th scope="row">{% trans "Device Type" %}</th>
+          <td>{{ object.device.device_type|linkify }}</td>
+        </tr>
+        <tr>
+          <th scope="row">{% trans "Module Bay" %}</th>
+          <td>{% nested_tree object.module_bay %}</td>
+        </tr>
+        <tr>
+          <th scope="row">{% trans "Status" %}</th>
+          <td>{% badge object.get_status_display bg_color=object.get_status_color %}</td>
+        </tr>
+        <tr>
+          <th scope="row">{% trans "Description" %}</th>
+          <td>{{ object.description|placeholder }}</td>
+        </tr>
+        <tr>
+          <th scope="row">{% trans "Serial Number" %}</th>
+          <td class="font-monospace">{{ object.serial|placeholder }}</td>
+        </tr>
+        <tr>
+          <th scope="row">{% trans "Asset Tag" %}</th>
+          <td class="font-monospace">{{ object.asset_tag|placeholder }}</td>
+        </tr>
+      </table>
+    </div>
+    {% include 'inc/panels/tags.html' %}
+    {% include 'inc/panels/comments.html' %}
+    {% plugin_left_page object %}
+  </div>
+  <div class="col col-12 col-md-6">
+    <div class="card">
+      <h2 class="card-header">{% trans "Module Type" %}</h2>
+      <table class="table table-hover attr-table">
+        <tr>
+          <th scope="row">{% trans "Manufacturer" %}</th>
+          <td>{{ object.module_type.manufacturer|linkify }}</td>
+        </tr>
+        <tr>
+          <th scope="row">{% trans "Model" %}</th>
+          <td>{{ object.module_type|linkify }}</td>
+        </tr>
+        {% for k, v in object.module_type.attributes.items %}
+          <tr>
+            <th scope="row">{{ k }}</th>
+            <td>{{ v|placeholder }}</td>
+          </tr>
+        {% endfor %}
+      </table>
+    </div>
+    {% include 'inc/panels/related_objects.html' %}
+    {% include 'inc/panels/custom_fields.html' %}
+    {% plugin_right_page object %}
+	</div>
+</div>
+<div class="row">
+  <div class="col col-md-12">
+    {% plugin_full_width_page object %}
+  </div>
+</div>
+{% endblock %}

netbox/templates/dcim/moduletype.html

@@ -1,4 +1,7 @@
 {% extends 'generic/object.html' %}
+{% load buttons %}
+{% load helpers %}
+{% load plugins %}
 {% load i18n %}
 
 {% block title %}{{ object.manufacturer }} {{ object.model }}{% endblock %}
@@ -11,5 +14,92 @@
 {% endblock %}
 
 {% block extra_controls %}
-  {% include 'dcim/inc/moduletype_buttons.html' %}
+  {%  include 'dcim/inc/moduletype_buttons.html' %}
+{% endblock %}
+
+{% block content %}
+  <div class="row">
+    <div class="col col-12 col-md-6">
+      <div class="card">
+        <h2 class="card-header">{% trans "Module Type" %}</h2>
+        <table class="table table-hover attr-table">
+          <tr>
+            <th scope="row">{% trans "Profile" %}</th>
+            <td>{{ object.profile|linkify|placeholder }}</td>
+          </tr>
+          <tr>
+            <th scope="row">{% trans "Manufacturer" %}</th>
+            <td>{{ object.manufacturer|linkify }}</td>
+          </tr>
+          <tr>
+            <th scope="row">{% trans "Model Name" %}</th>
+            <td>{{ object.model }}</td>
+          </tr>
+          <tr>
+            <th scope="row">{% trans "Part Number" %}</th>
+            <td>{{ object.part_number|placeholder }}</td>
+          </tr>
+          <tr>
+            <th scope="row">{% trans "Description" %}</th>
+            <td>{{ object.description|placeholder }}</td>
+          </tr>
+          <tr>
+            <th scope="row">{% trans "Airflow" %}</th>
+            <td>{{ object.get_airflow_display|placeholder }}</td>
+          </tr>
+          <tr>
+            <th scope="row">{% trans "Weight" %}</th>
+            <td>
+            {% if object.weight %}
+              {{ object.weight|floatformat }} {{ object.get_weight_unit_display }}
+            {% else %}
+              {{ ''|placeholder }}
+            {% endif %}
+            </td>
+          </tr>
+        </table>
+      </div>
+      {% include 'inc/panels/tags.html' %}
+      {% include 'inc/panels/comments.html' %}
+      {% plugin_left_page object %}
+    </div>
+    <div class="col col-12 col-md-6">
+      <div class="card">
+        <h2 class="card-header">{% trans "Attributes" %}</h2>
+        {% if not object.profile %}
+          <div class="card-body text-muted">
+            {% trans "No profile assigned" %}
+          </div>
+        {% elif object.attributes %}
+          <table class="table table-hover attr-table">
+            {% for k, v in object.attributes.items %}
+              <tr>
+                <th scope="row">{{ k }}</th>
+                <td>
+                  {% if v is True or v is False %}
+                    {% checkmark v %}
+                  {% else %}
+                    {{ v|placeholder }}
+                  {% endif %}
+                </td>
+              </tr>
+            {% endfor %}
+          </table>
+        {% else %}
+          <div class="card-body text-muted">
+            {% trans "None" %}
+          </div>
+        {% endif %}
+      </div>
+      {% include 'inc/panels/related_objects.html' %}
+      {% include 'inc/panels/custom_fields.html' %}
+      {% include 'inc/panels/image_attachments.html' %}
+      {% plugin_right_page object %}
+    </div>
+  </div>
+  <div class="row">
+    <div class="col col-md-12">
+      {% plugin_full_width_page object %}
+    </div>
+  </div>
 {% endblock %}

netbox/templates/dcim/panels/module_type.html

@@ -1,27 +0,0 @@
-{% extends "ui/panels/_base.html" %}
-{% load helpers i18n %}
-
-{% block panel_content %}
-  <table class="table table-hover attr-table">
-    <tr>
-      <th scope="row">{% trans "Manufacturer" %}</th>
-      <td>{{ object.module_type.manufacturer|linkify }}</td>
-    </tr>
-    <tr>
-      <th scope="row">{% trans "Model" %}</th>
-      <td>{{ object.module_type|linkify }}</td>
-    </tr>
-    {% for k, v in object.module_type.attributes.items %}
-      <tr>
-        <th scope="row">{{ k }}</th>
-        <td>
-          {% if v is True or v is False %}
-            {% checkmark v %}
-          {% else %}
-            {{ v|placeholder }}
-          {% endif %}
-        </td>
-      </tr>
-    {% endfor %}
-  </table>
-{% endblock panel_content %}

netbox/templates/dcim/panels/module_type_attributes.html

@@ -1,29 +0,0 @@
-{% extends "ui/panels/_base.html" %}
-{% load helpers i18n %}
-
-{% block panel_content %}
-  {% if not object.profile %}
-    <div class="card-body text-muted">
-      {% trans "No profile assigned" %}
-    </div>
-  {% elif object.attributes %}
-    <table class="table table-hover attr-table">
-      {% for k, v in object.attributes.items %}
-        <tr>
-          <th scope="row">{{ k }}</th>
-          <td>
-            {% if v is True or v is False %}
-              {% checkmark v %}
-            {% else %}
-              {{ v|placeholder }}
-            {% endif %}
-          </td>
-        </tr>
-      {% endfor %}
-    </table>
-  {% else %}
-    <div class="card-body text-muted">
-      {% trans "None" %}
-    </div>
-  {% endif %}
-{% endblock panel_content %}

netbox/templates/dcim/platform.html

@@ -18,3 +18,61 @@
     </a>
   {% endif %}
 {% endblock extra_controls %}
+
+{% block content %}
+<div class="row mb-3">
+	<div class="col col-12 col-md-6">
+    <div class="card">
+      <h2 class="card-header">{% trans "Platform" %}</h2>
+      <table class="table table-hover attr-table">
+        <tr>
+          <th scope="row">{% trans "Name" %}</th>
+          <td>{{ object.name }}</td>
+        </tr>
+        <tr>
+          <th scope="row">{% trans "Description" %}</th>
+          <td>{{ object.description|placeholder }}</td>
+        </tr>
+        <tr>
+          <th scope="row">{% trans "Parent" %}</th>
+          <td>{{ object.parent|linkify|placeholder }}</td>
+        </tr>
+        <tr>
+          <th scope="row">{% trans "Manufacturer" %}</th>
+          <td>{{ object.manufacturer|linkify|placeholder }}</td>
+        </tr>
+        <tr>
+          <th scope="row">{% trans "Config Template" %}</th>
+          <td>{{ object.config_template|linkify|placeholder }}</td>
+        </tr>
+      </table>
+    </div>
+    {% include 'inc/panels/tags.html' %}
+    {% plugin_left_page object %}
+	</div>
+	<div class="col col-12 col-md-6">
+    {% include 'inc/panels/related_objects.html' %}
+    {% include 'inc/panels/custom_fields.html' %}
+    {% include 'inc/panels/comments.html' %}
+    {% plugin_right_page object %}
+  </div>
+</div>
+<div class="row mb-3">
+	<div class="col col-md-12">
+    <div class="card">
+      <h2 class="card-header">
+        {% trans "Child Platforms" %}
+        {% if perms.dcim.add_platform %}
+          <div class="card-actions">
+            <a href="{% url 'dcim:platform_add' %}?parent={{ object.pk }}&return_url={{ object.get_absolute_url }}" class="btn btn-ghost-primary btn-sm">
+              <i class="mdi mdi-plus-thick" aria-hidden="true"></i> {% trans "Add a Platform" %}
+            </a>
+          </div>
+        {% endif %}
+      </h2>
+      {% htmx_table 'dcim:platform_list' parent_id=object.pk %}
+    </div>
+    {% plugin_full_width_page object %}
+  </div>
+</div>
+{% endblock %}

netbox/templates/generic/object_list.html

@@ -92,7 +92,7 @@ Context:
 
         <div class="form form-horizontal">
           {% csrf_token %}
-          <input type="hidden" id="object-list-return-url" name="return_url" value="{% if return_url %}{{ return_url }}{% else %}{{ request.path }}{% if request.GET %}?{{ request.GET.urlencode }}{% endif %}{% endif %}" />
+          <input type="hidden" name="return_url" value="{% if return_url %}{{ return_url }}{% else %}{{ request.path }}{% if request.GET %}?{{ request.GET.urlencode }}{% endif %}{% endif %}" />
 
           {# Warn of any missing prerequisite objects #}
           {% if prerequisite_model %}

netbox/templates/htmx/table.html

@@ -32,9 +32,4 @@
       {% action_buttons actions model multi=True %}
     </div>
   {% endif %}
-
-  {# Update the return_url to reflect any changed query parameters (e.g. per_page) #}
-  {% if not table.embedded %}
-    <input type="hidden" id="object-list-return-url" name="return_url" value="{{ request.get_full_path }}" hx-swap-oob="outerHTML:#object-list-return-url" />
-  {% endif %}
 {% endif %}

netbox/utilities/constants.py

@@ -38,6 +38,7 @@ FILTER_TREENODE_NEGATION_LOOKUP_MAP = dict(
 # HTTP Request META safe copy
 #
 
+# Non-HTTP_ META keys to include when copying a request (whitelist)
 HTTP_REQUEST_META_SAFE_COPY = [
     'CONTENT_LENGTH',
     'CONTENT_TYPE',
@@ -61,6 +62,13 @@ HTTP_REQUEST_META_SAFE_COPY = [
     'SERVER_PORT',
 ]
 
+# HTTP_ META keys known to carry sensitive data; excluded when copying a request (denylist)
+HTTP_REQUEST_META_SENSITIVE = {
+    'HTTP_AUTHORIZATION',
+    'HTTP_COOKIE',
+    'HTTP_PROXY_AUTHORIZATION',
+}
+
 
 #
 # CSV-style format delimiters

netbox/utilities/request.py

@@ -8,7 +8,7 @@ from netaddr import AddrFormatError, IPAddress
 
 from netbox.registry import registry
 
-from .constants import HTTP_REQUEST_META_SAFE_COPY
+from .constants import HTTP_REQUEST_META_SAFE_COPY, HTTP_REQUEST_META_SENSITIVE
 
 __all__ = (
     'NetBoxFakeRequest',
@@ -45,11 +45,14 @@ def copy_safe_request(request, include_files=True):
         request: The original request object
         include_files: Whether to include request.FILES.
     """
-    meta = {
-        k: request.META[k]
-        for k in HTTP_REQUEST_META_SAFE_COPY
-        if k in request.META and isinstance(request.META[k], str)
-    }
+    meta = {}
+    for k, v in request.META.items():
+        if not isinstance(v, str):
+            continue
+        if k in HTTP_REQUEST_META_SAFE_COPY:
+            meta[k] = v
+        elif k.startswith('HTTP_') and k not in HTTP_REQUEST_META_SENSITIVE:
+            meta[k] = v
     data = {
         'META': meta,
         'COOKIES': request.COOKIES,

netbox/utilities/tests/test_request.py

@@ -1,7 +1,42 @@
+from django.contrib.auth.models import AnonymousUser
 from django.test import RequestFactory, TestCase
 from netaddr import IPAddress
 
-from utilities.request import get_client_ip
+from utilities.request import copy_safe_request, get_client_ip
+
+
+class CopySafeRequestTests(TestCase):
+    def setUp(self):
+        self.factory = RequestFactory()
+
+    def _make_request(self, **kwargs):
+        request = self.factory.get('/', **kwargs)
+        request.user = AnonymousUser()
+        return request
+
+    def test_standard_meta_keys_copied(self):
+        request = self._make_request(HTTP_USER_AGENT='TestAgent/1.0')
+        fake = copy_safe_request(request)
+        self.assertEqual(fake.META.get('HTTP_USER_AGENT'), 'TestAgent/1.0')
+
+    def test_arbitrary_http_headers_copied(self):
+        """Arbitrary HTTP_ headers (e.g. X-NetBox-*) should be included."""
+        request = self._make_request(HTTP_X_NETBOX_BRANCH='my-branch')
+        fake = copy_safe_request(request)
+        self.assertEqual(fake.META.get('HTTP_X_NETBOX_BRANCH'), 'my-branch')
+
+    def test_sensitive_headers_excluded(self):
+        """Authorization and Cookie headers must not be copied."""
+        request = self._make_request(HTTP_AUTHORIZATION='Bearer secret')
+        fake = copy_safe_request(request)
+        self.assertNotIn('HTTP_AUTHORIZATION', fake.META)
+
+    def test_non_string_meta_values_excluded(self):
+        """Non-string META values must not be copied."""
+        request = self._make_request()
+        request.META['HTTP_X_CUSTOM_INT'] = 42
+        fake = copy_safe_request(request)
+        self.assertNotIn('HTTP_X_CUSTOM_INT', fake.META)
 
 
 class GetClientIPTests(TestCase):