Discourse_docker (blocked:csp) error with svg-sprite when using subfolders

Feel free to visit https://sales-community-staging.rainmakers.co/sales-community/ to see issue. No guarantees on it being up forever.
I believe this is because it is not adding /sales-community to the url.
Let me know if providing app.yml or nginx.conf would be helpful.
This is on version: tests-passed.
Tried version: stable to fix, doesn’t compile on docker atm (mentioned in some other bug report I saw earlier, I was starting fresh, not downgrading)

Can some one give me ability to post more than one image :slight_smile:

1 Like

Did you follow the subfolder howto document?

Yes. Everything else works (posting, emails, avatar uploads, https, etc). All other resources have proper /sales-community subfolder URLs (as shown in the pic). Just the SVG broken.

# app.yml

stuff...

DISCOURSE_HOSTNAME: sales-community.rainmakers.co
DISCOURSE_RELATIVE_URL_ROOT: /sales-community

stuff...

run:
    - exec:
        cd: $home
        cmd:
          - mkdir -p public/sales-community
          - cd public/sales-community && ln -s ../uploads && ln -s ../backups
    - replace:
       global: true
       filename: /etc/nginx/conf.d/discourse.conf
       from: proxy_pass http://discourse;
       to: |
          rewrite ^/(.*)$ /sales-community/$1 break;
          proxy_pass http://discourse;
    - replace:
       filename: /etc/nginx/conf.d/discourse.conf
       from: etag off;
       to: |
          etag off;
          location /sales-community {
             rewrite ^/sales-community/?(.*)$ /$1;
          }
    - replace:
         filename: /etc/nginx/conf.d/discourse.conf
         from: $proxy_add_x_forwarded_for
         to: $http_your_original_ip_header
         global: true

Yeah, so the issue is not with CSP because the URL is just wrong, it’s apparently not being prefixed with the subfolder path, I think it needs to be added here ?

4 Likes

Hmm is this a sub folder bug @eviltrout?

We do have all the logic in place for SVG sprites in subfolder scenarios, and it’s used successfully by a number of sites. In this case, we’ve hit a very specific edge case. Checking the key variables in @vkozyrev’s site (on the browser console)

> Discourse.SvgSpritePath
"/svg-sprite/sales-community-staging.rainmakers.co/svg-2-8ed106e6e3d908b1b86898dfe93a7bac0fd358f4.js"
> Discourse.BaseUri
"/sales-community"

Looks good. Now, when we load the SVG sprite sheet, we use loadScript, which in turn calls Discourse.getURL. This function is responsible for adding the subfolder prefix. Trying that out:

> Discourse.getURL(Discourse.SvgSpritePath)
"/svg-sprite/sales-community-staging.rainmakers.co/svg-2-8ed106e6e3d908b1b86898dfe93a7bac0fd358f4.js"

Huh… that didn’t do anything. Another random URL works fine:

> Discourse.getURL("/blah")
"/sales-community/blah"

A little more digging turns up this line inside getUrl

if (url.indexOf(Discourse.BaseUri) !== -1) return url;

Or, in english, “if the URL already contains the subfolder prefix, give up”. So the issue here is that @vkozyrev’s subfolder prefix (/sales-community) is included in the middle of the SVG sprite sheet URL

/svg-sprite/sales-community-staging.rainmakers.co/svg-2-8ed106e6e3d908b1b86898dfe93a7bac0fd358f4.js

I’ve made the check more specific, so it only checks for the subfolder prefix at the beginning of the URL:

https://github.com/discourse/discourse/pull/8794

Although it does make me think of other potential issues… e.g. if someone wanted their subfolder prefix to be /t or /about, or any other URL which we use in Discourse :thinking:

10 Likes

@vkozyrev that’s now merged, so please update your site and let us know if it resolves the issue :slight_smile:

The issue is fixed @david.

This is an amazing edge case :smiley:. I do Rails (api-mode only) development, glad I didn’t go too far down the rabbit hole, I would have gotten lost in the client code.

In case you are curious, I have a proxy in front of this, so the sales-community subdomain is hidden from the users, they will just see the /sales-community in front of our main site’s URL. Main site is on heroku, so I can’t have a single nginx instance routing it all.

Thanks for the prompt replies & fix everyone!

6 Likes