Discourse_docker (blocked:csp) error with svg-sprite when using subfolders

Feel free to visit https://sales-community-staging.rainmakers.co/sales-community/ to see issue. No guarantees on it being up forever.
I believe this is because it is not adding /sales-community to the url.
Let me know if providing app.yml or nginx.conf would be helpful.
This is on version: tests-passed.
Tried version: stable to fix, doesn’t compile on docker atm (mentioned in some other bug report I saw earlier, I was starting fresh, not downgrading)

Screen Shot 2020-01-22 at 6.48.00 PM1277×1364 349 KB

Can some one give me ability to post more than one image

Did you follow the subfolder howto document?

Yes. Everything else works (posting, emails, avatar uploads, https, etc). All other resources have proper /sales-community subfolder URLs (as shown in the pic). Just the SVG broken.

# app.yml

stuff...

DISCOURSE_HOSTNAME: sales-community.rainmakers.co
DISCOURSE_RELATIVE_URL_ROOT: /sales-community

stuff...

run:
    - exec:
        cd: $home
        cmd:
          - mkdir -p public/sales-community
          - cd public/sales-community && ln -s ../uploads && ln -s ../backups
    - replace:
       global: true
       filename: /etc/nginx/conf.d/discourse.conf
       from: proxy_pass http://discourse;
       to: |
          rewrite ^/(.*)$ /sales-community/$1 break;
          proxy_pass http://discourse;
    - replace:
       filename: /etc/nginx/conf.d/discourse.conf
       from: etag off;
       to: |
          etag off;
          location /sales-community {
             rewrite ^/sales-community/?(.*)$ /$1;
          }
    - replace:
         filename: /etc/nginx/conf.d/discourse.conf
         from: $proxy_add_x_forwarded_for
         to: $http_your_original_ip_header
         global: true

Yeah, so the issue is not with CSP because the URL is just wrong, it’s apparently not being prefixed with the subfolder path, I think it needs to be added here ?

Hmm is this a sub folder bug @eviltrout?

We do have all the logic in place for SVG sprites in subfolder scenarios, and it’s used successfully by a number of sites. In this case, we’ve hit a very specific edge case. Checking the key variables in @vkozyrev’s site (on the browser console)

> Discourse.SvgSpritePath
"/svg-sprite/sales-community-staging.rainmakers.co/svg-2-8ed106e6e3d908b1b86898dfe93a7bac0fd358f4.js"
> Discourse.BaseUri
"/sales-community"

Looks good. Now, when we load the SVG sprite sheet, we use loadScript, which in turn calls Discourse.getURL. This function is responsible for adding the subfolder prefix. Trying that out:

> Discourse.getURL(Discourse.SvgSpritePath)
"/svg-sprite/sales-community-staging.rainmakers.co/svg-2-8ed106e6e3d908b1b86898dfe93a7bac0fd358f4.js"

Huh… that didn’t do anything. Another random URL works fine:

> Discourse.getURL("/blah")
"/sales-community/blah"

A little more digging turns up this line inside getUrl

if (url.indexOf(Discourse.BaseUri) !== -1) return url;

Or, in english, “if the URL already contains the subfolder prefix, give up”. So the issue here is that @vkozyrev’s subfolder prefix (/sales-community) is included in the middle of the SVG sprite sheet URL

/svg-sprite/sales-community-staging.rainmakers.co/svg-2-8ed106e6e3d908b1b86898dfe93a7bac0fd358f4.js

I’ve made the check more specific, so it only checks for the subfolder prefix at the beginning of the URL:

https://github.com/discourse/discourse/pull/8794

Although it does make me think of other potential issues… e.g. if someone wanted their subfolder prefix to be /t or /about, or any other URL which we use in Discourse

@vkozyrev that’s now merged, so please update your site and let us know if it resolves the issue

The issue is fixed @david.

This is an amazing edge case . I do Rails (api-mode only) development, glad I didn’t go too far down the rabbit hole, I would have gotten lost in the client code.

In case you are curious, I have a proxy in front of this, so the sales-community subdomain is hidden from the users, they will just see the /sales-community in front of our main site’s URL. Main site is on heroku, so I can’t have a single nginx instance routing it all.

Thanks for the prompt replies & fix everyone!