Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Theming app caches complete URLs in APCu cache #5675

Closed
smueller18 opened this issue Jul 10, 2017 · 3 comments
Closed

Theming app caches complete URLs in APCu cache #5675

smueller18 opened this issue Jul 10, 2017 · 3 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap feature: theming
Milestone
Nextcloud 13

Comments

@smueller18
Copy link
Contributor

Steps to reproduce

  1. Enable APCu as memcache.local
  2. allow multiple trusted domains

Expected behaviour

Showing logo and background image an all trusted domains using memcache.

Actual behaviour

The first request of /apps/theming/styles?v=CACHE_BUSTER creates the following entry for the key UNIQUE_ID/theminggetScssVariables in the APCu cache:

Array
(
    [theming-cachebuster] => '24'
    [theming-logo-mime] => ''
    [theming-background-mime] => ''
    [image-logo] => 'https://MY_DOMAIN/core/img/logo.svg?v=CACHE_BUSTER'
    [image-login-background] => 'https://MY_DOMAIN/core/img/background.jpg?v=CACHE_BUSTER'
    [image-login-plain] => false
)

If a second tusted domain (MY_SECOND_DOMAIN) is called, the image-logo URL is loaded from the cache which shows to https://MY_DOMAIN/core/img/logo.svg?v=CACHE_BUSTER and therefore results in the following browser error:

Refused to load the image 'https://MY_DOMAIN/core/img/background.jpg?v=CACHE_BUSTER' because it violates the following Content Security Policy directive: "img-src 'self' data: blob:".

I inspected the nextcloud code a bit and think in this two lines the function $this->urlGenerator->getAbsoluteURL() has to be removed:

$variables['image-logo'] = "'".$this->getLogo()."'";
$variables['image-login-background'] = "'".$this->getBackground()."'";

I did this fix in my current installation and it works so far.
If you want, I can start a pull request.

Server configuration

Nextcloud version: 12.0.0

Nextcloud configuration:

Config report 
...
'memcache.local' => '\\OC\\Memcache\\APCu',
...

Client configuration

Browser: Chrome Version 58.0.3029.110
@MorrisJobke
Copy link
Member

@juliushaertl Haven't you worked on this recently?

@MorrisJobke MorrisJobke added 0. Needs triage Pending check for reproducibility or if it fits our roadmap feature: theming labels Jul 11, 2017
@juliusknorr
Copy link
Member

@MorrisJobke @smueller18 Yep, this is a duplicate of #5329 and has been fixed with #5429. It has also been backported to stable12.

@MorrisJobke MorrisJobke added this to the Nextcloud 13 milestone Jul 11, 2017
@smueller18
Copy link
Contributor Author

Ok, this fixes the issue. But why not save all URLs without base URL for css files? Then you wouldn't need separate cache entries for each trusted domain and therefore could reduce complexity. Or wouldn't it be backwards compatible?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap feature: theming
Projects
None yet
Milestone
Nextcloud 13
Development

No branches or pull requests
3 participants
@MorrisJobke @juliusknorr @smueller18