hazaar/framework
1
0
Fork 0
Code Issues 14 Pull requests 1 Projects Releases Packages 1 Wiki Activity Actions

Updates to handle linked relative resources when using CDNJS local cache option. #92

New issue
Closed
opened 2017-10-26 02:04:07 +00:00 by jamie · 4 comments
jamie commented 2017-10-26 02:04:07 +00:00 (Migrated from git.hazaar.io)
Copy link

Say we cache resources locally using the CDNJS view helper and one of these resources is a CSS file that links to another resource using a relative URL, such as a font file using an @import call or PNG image file using a url() method. The browser will attempt to obtain this file using the location of the CSS file as the URL base. However, because the 'base' is the same for ALL resources loaded via the CDNJS view helper, the requests will fail.

We need to come up with a method that allows a library to be referenced via the URL so that relative URLs will also work. This may mean that we can no longer use the encoded query string to load resources and may have to revert to the traditional path method. This could potentially be harmful as it could possibly allow anyone to load a resource through the site, allowing it to be cached and hence increasing traffic. We will need to have protections in place to prevent this. I'm thinking a start may be a local index of files that have been linked so that we know we are allowed to provide access to them.

Say we cache resources locally using the CDNJS view helper and one of these resources is a CSS file that links to another resource using a relative URL, such as a font file using an ```@import``` call or PNG image file using a ```url()``` method. The browser will attempt to obtain this file using the location of the CSS file as the URL base. However, because the 'base' is the same for ALL resources loaded via the CDNJS view helper, the requests will fail. We need to come up with a method that allows a library to be referenced via the URL so that relative URLs will also work. This may mean that we can no longer use the encoded query string to load resources and may have to revert to the traditional path method. This could potentially be harmful as it could possibly allow anyone to load a resource through the site, allowing it to be cached and hence increasing traffic. We will need to have protections in place to prevent this. I'm thinking a start may be a local index of files that have been linked so that we know we are allowed to provide access to them.
jamie commented 2017-10-26 02:04:11 +00:00 (Migrated from git.hazaar.io)
Copy link

created branch 92-updates-to-handle-linked-relative-resources-when-using-cdnjs-local-cache-option

created branch [`92-updates-to-handle-linked-relative-resources-when-using-cdnjs-local-cache-option`](https://git.hazaarlabs.com/hazaar/hazaar-mvc/compare/master...92-updates-to-handle-linked-relative-resources-when-using-cdnjs-local-cache-option)
jamie commented 2017-10-26 02:04:13 +00:00 (Migrated from git.hazaar.io)
Copy link

mentioned in merge request !9

mentioned in merge request !9
jamie commented 2017-10-26 02:29:55 +00:00 (Migrated from git.hazaar.io)
Copy link

mentioned in commit a6f6cf0846

mentioned in commit a6f6cf08465b8c25c2d3816d85a1273640682205
jamie commented 2017-10-26 02:42:46 +00:00 (Migrated from git.hazaar.io)
Copy link

closed via commit 5c7069a5aa

closed via commit 5c7069a5aa700dc8b54c17212898b3990de2d165
jamie self-assigned this 2025-09-04 01:15:51 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
586-gitlab-ci-migration
297-feature-router-security
develop
No results found.
Labels
Clear labels   
bug

   
confirmed

   
critical

   
discussion

   
documentation

   
Doing

   
enhancement

   
experiment

Experimental Feature

  
suggestion

   
support

   
Testing

   
To Do
No labels
bug
confirmed
critical
discussion
documentation
Doing
enhancement
experiment
suggestion
support
Testing
To Do
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
jamie
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: hazaar/framework#92
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?