Vehicle Tracking Page Renderer
Overview
The VehiclePageRenderer is a custom website page renderer used to handle vehicle tracking pages in the logistics tracking system. It enables dynamic rendering of tracking pages when a user accesses a tracking URL such as:
/track/{tracking_id}
This renderer ensures that the correct tracking page is displayed and also applies security restrictions for embedding the tracking page inside external websites.
Route Configuration
page_renderer = "lnder_logistics.api.make_url_request.VehiclePageRenderer"
website_route_rules = [
    {"from_route": "/track/<tracking_id>", "to_route": "track"}
]
Purpose
These configurations define how tracking URLs are routed within the website.
- page_renderer registers a custom renderer that handles how the page content should be generated.
- website_route_rules maps dynamic tracking URLs to the internal tracking page.
Example URL
https://domain.com/track/7c2d9c0e-3c7e-4f21-b2e2-08a11d45a6c3
Here, the tracking_id is extracted and used to fetch logistics tracking information.
Class: VehiclePageRenderer
class VehiclePageRenderer(TemplatePage)
This class extends the default website renderer provided by the framework. It customizes how tracking pages are rendered when accessed by users.
Main Responsibilities
- Detect whether the requested URL is a tracking page
- Allow rendering only for valid tracking routes
- Apply security headers for iframe embedding
- Render the tracking page template
Method: can_render()
Purpose
Determines whether the current request should be handled by the VehiclePageRenderer.
Technical Flow
- Retrieve the request path from the incoming HTTP request.
- Check if the path starts with the allowed route prefix (/track).
- If the path does not match, the renderer will not process the request.
- If the path matches, the renderer delegates to the default rendering logic.
Example
/track/12345678
This path will be accepted and rendered by this renderer.
Method: render()
Purpose
Responsible for rendering the tracking page content.
Technical Behavior
- Applies security headers before rendering.
- Calls the parent rendering method.
- Returns the rendered HTML page.
def render(self):
    # Attach the iframe-embedding security header before the parent renders the page
    self.set_headers()
    return super().render()
Method: set_headers()
Purpose
This method applies security restrictions for embedding the tracking page inside external websites using iframes.
Configuration Source
Allowed domains are retrieved from the Logistics Settings configuration.
allowed_origins = frappe.db.get_single_value(
    "Logistics Settings",
    "allowed_origins"
)
Technical Logic
- Fetch allowed origins from Logistics Settings.
- Split multiple domains defined in settings.
- Construct a Content Security Policy header.
- Attach the header to the HTTP response.
Generated Security Header
Content-Security-Policy: frame-ancestors 'self' https://customer-domain.com
Purpose of the Header
- Prevents unauthorized websites from embedding the tracking page
- Allows only trusted customer domains
- Improves security against clickjacking attacks
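The header construction described above, as an added example that is not the project's own code: it validates each configured entry before it reaches the header, so a stray `;`, wildcard, or path in the setting cannot widen the policy. The function names, the comma/whitespace separator, and the HTTPS-only, no-wildcard rule are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# host[:port] only: no wildcards and no CSP metacharacters (; , quotes, spaces)
_HOST_RE = re.compile(r"[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?(?::\d{1,5})?")


def normalize_origin(entry):
    """Return 'https://host[:port]' for a valid origin, or None to reject it."""
    try:
        parts = urlsplit(entry.strip().lower())
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme != "https":  # assumption: only HTTPS embedders are trusted
        return None
    # An origin carries no path, query, fragment or userinfo.
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        return None
    if "@" in parts.netloc or not _HOST_RE.fullmatch(parts.netloc):
        return None
    return f"https://{parts.netloc}"


def build_frame_ancestors(raw_setting):
    """Return (CSP header value, rejected entries) for the stored setting text."""
    sources, rejected = ["'self'"], []
    # Assumption: entries are separated by commas and/or whitespace (incl. newlines).
    for entry in re.split(r"[,\s]+", raw_setting or ""):
        if not entry:
            continue
        origin = normalize_origin(entry)
        if origin is None:
            rejected.append(entry)  # surface these to an admin or log
        elif origin not in sources:
            sources.append(origin)
    return "frame-ancestors " + " ".join(sources), rejected


# Constructed sample of what the allowed_origins field might contain.
SAMPLE_SETTING = (
    "https://customer-domain.com, HTTPS://Portal.Example.com/\n"
    "https://x.example; script-src *\n"
    "https://*.example.net"
)

if __name__ == "__main__":
    value, rejected = build_frame_ancestors(SAMPLE_SETTING)
    print("Content-Security-Policy:", value)
    print("rejected entries:", rejected)
```

With an empty or fully invalid setting the result falls back to `frame-ancestors 'self'`, which keeps the page embeddable only by its own origin.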
Example Use Case
A customer receives a logistics tracking link:
https://domain.com/track/7c2d9c0e
When the user opens the link:
- The route rule maps the request to the tracking page.
- The VehiclePageRenderer checks if it should handle the request.
- Security headers are applied.
- The tracking page template is rendered.
- The frontend fetches live tracking data from APIs.
Key Features
- Dynamic tracking URL support
- Secure embedding of tracking pages
- Custom page rendering for logistics tracking
- Route-based tracking page access
- Configurable iframe embedding permissions
Technical Benefits
- Ensures tracking pages are accessible through clean URLs
- Supports embedding tracking inside customer dashboards
- Improves security with Content Security Policy headers
- Provides flexible routing for tracking pages