Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

url parameter base fixed verion strategy [SPR-15892] #20446

Closed
spring-projects-issues opened this issue Aug 23, 2017 · 2 comments
Closed

url parameter base fixed verion strategy [SPR-15892] #20446

spring-projects-issues opened this issue Aug 23, 2017 · 2 comments
Labels
status: declined

Comments

@spring-projects-issues
Copy link
Collaborator

@spring-projects-issues spring-projects-issues commented Aug 23, 2017

Zsolt Fatér opened SPR-15892 and commented

Pull request url: #1503

Prefix based version path strategy has a problem with css.

If css include any relative url, the server can not resolve relative url, because it has two version prefix in the url.

Example

The version: 1.0.0

The css url: http://localhost/application/1.0.0/css/test.css

Original css content

body {
    background-image: url("img/picture.jpg");
    background-size: cover;
}

Modified css content

body {
    background-image: url("1.0.0/img/picture.jpg");
    background-size: cover;
}

The picture.jpg url will be: http://localhost/application/1.0.0/css/1.0.0/img/picture.jpg but the expected is http://locahost/application/1.0.0/css/img/picture.jpg

Solution

We was make the UrlParameterFixedVersrionStrategy class.

The css url: http://localhost/application/css/test.css?v=1.0.0

Modified css content

body {
    background-image: url("img/picture.jpg?v=1.0.0");
    background-size: cover;
}

the picture.jpg url: http://localhost/application/css/img/picture.jpg?v=1.0.0

MvcConfig example

import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.resource.AbstractVersionStrategy;
import org.springframework.web.servlet.resource.UrlParameterFixedVersionStrategy;
import org.springframework.web.servlet.resource.VersionResourceResolver;

@Configuration
@ComponentScan({"test.controller"})
public class MvcConfig extends WebMvcConfigurerAdapter {

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        AbstractVersionStrategy fixedVersionStrategy = new UrlParameterFixedVersionStrategy("1.0.0");
        VersionResourceResolver versionResourceResolver = new VersionResourceResolver()
                .addVersionStrategy(fixedVersionStrategy, "/**");

        registry.addResourceHandler("/**")
                .addResourceLocations("classpath:/other-resources/")
                .resourceChain(true)
                .addResolver(versionResourceResolver);
    }

}

Reference URL: #1503

@spring-projects-issues
Copy link
Collaborator Author

@spring-projects-issues spring-projects-issues commented Aug 24, 2017

Brian Clozel commented

Hi Zsolt Fatér!

The issue you're describing seems to be solved with #19166.
I'm also a bit hesitant about the PR for two reasons:

  • Many (outdated?) resources still point that using the query string for that is not the best idea; I understand that most proxies now support that, but it seems CDNs don't always enable that by default (i.e. they don't consider by default the query string for caching purposes)
  • Looking at the code parsing/updating the query string, it seems to be too much involved and could be a source of security issues. When it comes to serving static resources, there are many pitfalls coming with the processing of the request URL (see this CVE, for example).

We've considered backporting #19166 to the 4.x branch, but it was already a big change of behaviour back then - it's even worse now with 4.x being very stable and in maintenance mode.

Thanks for creating this issue (and your contribution)!

@spring-projects-issues spring-projects-issues added type: enhancement in: web labels Jan 11, 2019
@bclozel bclozel added status: declined and removed in: web type: enhancement labels Apr 1, 2020
@bclozel
Copy link
Member

@bclozel bclozel commented Apr 1, 2020

Closing this as #19166 solves the use case described here. We didn't get much demand for this nor new use cases.

@bclozel bclozel closed this as completed Apr 1, 2020
@jhoeller jhoeller removed this from the General Backlog milestone Apr 1, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
status: declined
Projects
None yet
Development

No branches or pull requests

3 participants