Safe internal URLs #14203

Open
giohappy wants to merge 4 commits into master from fix_safe_internal_urls

Conversation

@giohappy (Contributor) commented May 7, 2026

No description provided.

@cla-bot cla-bot Bot added the cla-signed CLA Bot: community license agreement signed label May 7, 2026
@gemini-code-assist Bot left a comment

Code Review

This pull request introduces a mechanism to bypass the is_safe_url security check in the proxy view using a new safe_url keyword argument or a global SAFE_URL_CHECK_ENABLED setting. A critical security issue was identified in geonode/proxy/views.py where the logic for bypassing the check is flawed, potentially leading to a Server-Side Request Forgery (SSRF) vulnerability because the safety check is inadvertently skipped when the safe_url argument is not provided.

Comment thread on geonode/proxy/views.py (outdated)
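The gating flaw the review describes, as an added example that is not GeoNode's code: a minimal proxy gate in the flawed form (the safety check is skipped when safe_url is not passed) beside a fail-closed form, plus a differential helper that lists the calls one variant proxies and the other blocks. The is_safe_url stand-in, the INTERNAL_HOSTS allow-list and the check_enabled parameter are assumptions, not the project's API.

```python
from urllib.parse import urlparse

SAFE_URL_CHECK_ENABLED = True  # assumed global switch (True = enforce the check)
INTERNAL_HOSTS = {"localhost", "geoserver.internal"}  # constructed allow-list


def is_safe_url(url, allowed_hosts=INTERNAL_HOSTS):
    """Stand-in for the proxy's host check: http(s) scheme and an allow-listed host."""
    parsed = urlparse(url)
    return parsed.scheme in ("http", "https") and parsed.hostname in allowed_hosts


def may_proxy_flawed(url, safe_url=None, check_enabled=SAFE_URL_CHECK_ENABLED):
    """Flawed gating (the pattern the review flags): the check only runs when the
    caller explicitly passes safe_url=False, so the default (None) skips it and
    any host is proxied. Fails open."""
    if safe_url is False and check_enabled:
        return is_safe_url(url)
    return True


def may_proxy_fixed(url, safe_url=False, check_enabled=SAFE_URL_CHECK_ENABLED):
    """Fail-closed gating: the check is skipped only when the caller explicitly
    vouches for the URL (safe_url=True) or the global switch is turned off."""
    if check_enabled and not safe_url:
        return is_safe_url(url)
    return True


def ssrf_exposure(cases):
    """Differential check over (url, kwargs) pairs: returns the cases the flawed
    gate would proxy but the fixed gate blocks, i.e. the exposure the fix closes."""
    return [
        (url, kw)
        for url, kw in cases
        if may_proxy_flawed(url, **kw) and not may_proxy_fixed(url, **kw)
    ]
```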
@giohappy force-pushed the fix_safe_internal_urls branch from 45b3638 to 46cf0d0 on May 7, 2026 16:34
@codecov Bot commented May 7, 2026

Codecov Report

❌ Patch coverage is 42.85714% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 66.21%. Comparing base (32ab42e) to head (c434abc).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #14203      +/-   ##
==========================================
+ Coverage   64.82%   66.21%   +1.39%     
==========================================
  Files         960      960              
  Lines       58865    58871       +6     
  Branches     8069     8072       +3     
==========================================
+ Hits        38159    38982     +823     
+ Misses      19083    18240     -843     
- Partials     1623     1649      +26     
