Skip to content

Match flexible static file version in nginx sample config #12521

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jan 5, 2018
Merged

Match flexible static file version in nginx sample config #12521

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion nginx.conf.sample
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ location /static/ {

# Remove signature of the static files that is used to overcome the browser cache
location ~ ^/static/version {
rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last;
rewrite ^/static/(version[^/]+/)?(.*)$ /static/$2 last;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that this regex change will have the desired effect but what if we updated it to keep in the same style as before? Something like rewrite ^/static/(version[\w\d]*/)?(.*)$ /static/$2 last; this would then match any word or digit character. Or was there another reason for your choice @scottsb

Copy link
Member Author

@scottsb scottsb Dec 15, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because of the fact that the version can be specified as a command line argument and no characters are filtered out, I don't think \w\d is sufficient. For example, that would not match a hyphen, which is allowed by the --content-version argument.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you know if there is validation on the --content-version call? I would worry that anything but / would be a bit too wide and could cause issues.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no validation. Whatever is passed in is used:

magento2/app/code/Magento/Deploy/Service/DeployStaticContent.php

Line 78 in 2275b89

$version = !empty($options[Options::CONTENT_VERSION]) && is_string($options[Options::CONTENT_VERSION])

I tested, and it will even accept characters that really shouldn't be allowed like / and even ?. Validation should be added to the deploy command to block those, but here in nginx, I can't see any issue with the broad match.

I'll open a separate issue for the need for validation on the command.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the feedback @scottsb good to know that you will open an issue about validation on the command side. I would also suggest that in this new issue it might be a good idea to also update the regex to fit the requirements of the new validation.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the great discussion and feedback @dmanners and @scottsb. I will process this PR then.

}

location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
Expand Down