-
-
Notifications
You must be signed in to change notification settings - Fork 7.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix: media library image signedUrl cache busting issue #18541
Fix: media library image signedUrl cache busting issue #18541
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested locally and it fixes the problem for us :)
packages/core/upload/admin/src/components/AssetCard/ImageAssetCard.js
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Marc-Roig can you review this change please 👍🏼
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks good to me,
my question about this is, is there another way of not appending an updated by attribute in the image url?
This is a fix that might work for s3 signed urls, but many other providers might fail if you append invalid attributes like that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Marc-Roig I may be wrong but isn't the signFileUrls method of this file the default method which retrieves the signed urls from any (default or custom) provider? If it is, then the isUrlSigned property will be set correctly, regardless of which the current provider is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what I mean is that other providers, without using any url signing, could fail loading an image with an "updatedAt" parameter .
this is completely unrelated to your work, rather to the fact that we inject the udpatedAt parameter into the image url !
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indeed, so far we have only seen this issue when using signed urls.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Marc-Roig I may be wrong but isn't the signFileUrls method of this file the default method which retrieves the signed urls from any (default or custom) provider? If it is, then the isUrlSigned property will be set correctly, regardless of which the current provider is.
Indeed, this is happening right now for the azure blob storage strapi upload plugin. It's causing double "?" parameters in the url and causes 403 forbidden signed errors.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kevinvugts can you open another issue (or share it if you have already done this)
cc @joshuaellis
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm happy with the FE change, I need Marc to approve too though.
* media library image signedUrl cache busting issue references #18443 * date query param typo * add asset isUrlSigned property, used as asset url cache busting condition * removed cacheBustUrl function, added inline comment to describe functionality
This pull request is currently causing issues when using uploads with @strapi When uploading images with a sass token to Azure Blob Storage using the strapi-provider-upload-azure-storage plugin this will cause a double "?" parameter in the url which is causing a 403 forbidden (signature invalid) issue on the Azure side. This is caused by the new cacheBusting feature that you guys introduced to prevents the browser from caching the URL for all sizes in combination with react-query. To be specific I have added the code below. This should be fixed or at least there should be a way to opt out of this.
|
What does it do?
Adds a new property called isUrlSigned to the admin upload file object, within the signFileUrls method. This property is later utilised in the ImageAssetCard component to determine whether cache-busting is required for the thumbnail URL.
Why is it needed?
Currently, when using the AWS S3 provider with AWS Signature Version 4 authentication with query params, images in the Asset Media Library appear broken. This is due to a "SignatureDoesNotMatch" error caused by the presence of the "updatedAt" parameter, which is used for cache busting. This error occurs because the "updatedAt" parameter is not included in the canonical URL for generating the AWS S3 signature.
This pull request adds the updatedAt cache busting parameter only when the thumbnail URLs are not signed, which fixes the issue.
How to test it?
Related issue(s)/PR(s)
Related to #18443