You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Overload CanonicalURLMiddleware in user code and forward port this fix
The most ideal option here (option 2) is to release CWP 2.0.1 with framework 4.1.2 in it, but this will also bring other changes with it, unless we want to cherry pick and only release this single commit - this isn't a sustainable option though, we already did that for 4.1.1.
Note that we could take option 3 and overload the middleware in CWP only to forward port this fix. This would then be deprecated in CWP 2.1 and configuration for it removed - we could also mark the API as internal very explicitly and then remove it again in CWP 2.1 without as much of a strict semver obligation...
Ok have spoken on Slack with @chillu and @sminnee and agreed that the best solution for now is to overload CanonicalURLMiddleware in the cwp/cwp-core module and include the fix in silverstripe/silverstripe-framework#8158, then we can release a CWP 2.0.1 recipe which only differs in in that it contains this fix as well. This means we don't need to wait for a new SS 4.1.x recipe to be released, and don't introduce risk of commits that aren't security tested.
The introduction of silverstripe/cwp-core@cf330de means that
dev/build
redirects to HTTPS, which prevents it from working.Reproduce:
SS_ENVIRONMENT_TYPE
totest
vendor/bin/sake dev/build
Fix options:
The most ideal option here (option 2) is to release CWP 2.0.1 with framework 4.1.2 in it, but this will also bring other changes with it, unless we want to cherry pick and only release this single commit - this isn't a sustainable option though, we already did that for 4.1.1.
Note that we could take option 3 and overload the middleware in CWP only to forward port this fix. This would then be deprecated in CWP 2.1 and configuration for it removed - we could also mark the API as internal very explicitly and then remove it again in CWP 2.1 without as much of a strict semver obligation...
cc @jakedaleweb @chillu @tractorcow
The text was updated successfully, but these errors were encountered: