Commit 91cf2d1f authored by Jérome Perrin

software/theia: require credentials to serve the manifest

favicon, manifest and service worker do not need to be public; for the
manifest, the link must explicitly be made to use credentials.
parent 81775aec
Pipeline #30355 failed with stage
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
[preloadTemplate.html] [preloadTemplate.html]
_update_hash_filename_ = preloadTemplate.html _update_hash_filename_ = preloadTemplate.html
md5sum = 6343592161a349bb40e0de16ce67aa51 md5sum = a27e2cb34e4efe2ed0d4698f505554f0
[yarn.lock] [yarn.lock]
_update_hash_filename_ = yarn.lock _update_hash_filename_ = yarn.lock
......
...@@ -7,6 +7,7 @@ ...@@ -7,6 +7,7 @@
link = document.createElement('link'); link = document.createElement('link');
link.rel = "manifest"; link.rel = "manifest";
link.href = "/theia.webmanifest"; link.href = "/theia.webmanifest";
link.crossOrigin = "use-credentials";
document.head.appendChild(link); document.head.appendChild(link);
if ('serviceWorker' in navigator) { if ('serviceWorker' in navigator) {
......
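Review bot: The added `link.crossOrigin = "use-credentials";` line carries no comment saying why it is there, and for a same-origin URL it looks like noise that a later cleanup could remove. Browsers request a web app manifest without credentials unless the link element asks for them, and the test in this commit shows `/theia.webmanifest` now returns 401 when unauthenticated. I would add `// the manifest is fetched without credentials by default; the frontend requires authentication for it` above the line. The enclosing script starts and ends outside the hunk.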
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
[instance-theia] [instance-theia]
_update_hash_filename_ = instance-theia.cfg.jinja.in _update_hash_filename_ = instance-theia.cfg.jinja.in
md5sum = c484bba770c6404ba0a5b2a958b07a68 md5sum = b31e74f018ae92607f4ff63984b33c7a
[instance] [instance]
_update_hash_filename_ = instance.cfg.in _update_hash_filename_ = instance.cfg.in
......
...@@ -260,15 +260,18 @@ content = ...@@ -260,15 +260,18 @@ content =
frontend app frontend app
log global log global
bind $${:ip}:$${:port} ssl crt $${frontend-instance-certificate:cert-file} alpn h2,http/1.1 bind $${:ip}:$${:port} ssl crt $${frontend-instance-certificate:cert-file} alpn h2,http/1.1
# writing twice the same ACL is doing OR
acl is_public path_beg /public/ acl is_public path_beg /public/
acl is_public path /$${frontend-instance-favicon.ico:filename}
acl is_public path /$${frontend-instance-theia.webmanifest:filename}
acl is_public path /$${frontend-instance-theia-serviceworker.js:filename}
acl auth_ok http_auth(basic-auth-list) acl auth_ok http_auth(basic-auth-list)
# writing twice the same ACL is doing OR
acl is_static path_beg /$${frontend-instance-fonts:folder-name}
acl is_static path_beg /$${frontend-instance-slapos.css:folder-name}
acl is_static path /$${frontend-instance-logo:filename}
acl is_static path /$${frontend-instance-favicon.ico:filename}
acl is_static path /$${frontend-instance-theia.webmanifest:filename}
acl is_static path /$${frontend-instance-theia-serviceworker.js:filename}
# No authentication for public folder # No authentication for public folder
http-request auth unless auth_ok || is_public http-request auth unless auth_ok || is_public
use_backend static if { path_beg /$${frontend-instance-fonts:folder-name} } || { path_beg /$${frontend-instance-slapos.css:folder-name} } || { path /$${frontend-instance-logo:filename} } || is_public use_backend static if is_static || is_public
default_backend nodejs default_backend nodejs
backend nodejs backend nodejs
......
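Review bot: Nothing next to the new `is_static` ACL says that it only selects the backend and that these paths stay behind `http-request auth`. Because `is_public` is declared just above in the same style, a later edit could put a file in the wrong list and serve it without authentication. A comment above the `is_static` lines such as `# is_static only routes to the static backend; authentication is still required (only is_public bypasses it)` would make the split explicit. Separately, `path_beg` on the fonts and css folder names matches any path sharing that prefix unless the `folder-name` values end with a slash, which is not visible here; the old `use_backend` line behaved the same way.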
...@@ -161,10 +161,22 @@ class TestTheia(TheiaTestCase): ...@@ -161,10 +161,22 @@ class TestTheia(TheiaTestCase):
self.assertIn('test_file', get('/public/')) self.assertIn('test_file', get('/public/'))
self.assertEqual('hello', get('/public/test_file')) self.assertEqual('hello', get('/public/test_file'))
# there's a (not empty) favicon (no need for authentication) # favicon is not empty
resp = self.get(urljoin(url, '/favicon.ico')) self.get(urljoin(url, '/favicon.ico'), requests.codes.unauthorized)
resp = self.get(urljoin(authenticated_url, '/favicon.ico'))
resp.raise_for_status()
self.assertTrue(resp.raw) self.assertTrue(resp.raw)
self.get(urljoin(url, '/theia-serviceworker.js'), requests.codes.unauthorized)
resp = self.get(urljoin(authenticated_url, '/theia-serviceworker.js'))
resp.raise_for_status()
self.assertTrue(resp.raw)
self.get(urljoin(url, '/theia.webmanifest'), requests.codes.unauthorized)
resp = self.get(urljoin(authenticated_url, '/theia.webmanifest'))
resp.raise_for_status()
self.assertIn('Theia SlapOS', resp.text)
# there is a CSS referencing fonts # there is a CSS referencing fonts
css_text = self.get(urljoin(authenticated_url, '/css/slapos.css')).text css_text = self.get(urljoin(authenticated_url, '/css/slapos.css')).text
css_urls = re.findall(r'url\([\'"]+([^\)]+)[\'"]+\)', css_text) css_urls = re.findall(r'url\([\'"]+([^\)]+)[\'"]+\)', css_text)
......
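Review bot: `self.assertTrue(resp.raw)` in the new service worker check does not verify that the body is non-empty, and neither does the favicon check it was copied from. `resp.raw` is the underlying response object, which as far as I know is truthy whatever the body length, so both assertions pass even for an empty file. `self.assertTrue(resp.content)` would test what the `# favicon is not empty` comment says. The `self.get` helper and the rest of the test method are defined outside the hunk, so I am assuming it returns a requests response and that its second argument is the expected status.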