Uploaded image for project: 'SiteMesh'
  1. SiteMesh

The base URL used to retrieve fragments should be configurable


    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.2
    • Fix Version/s: 1.0.3
    • Labels:
    • Documentation update required:
    • Sprint:
      Kromeriz 41
    • Story Points:
    • Magnolia Release:


      The sitemesh module simply relies on the original browser URL to make its fragment requests. This is problematic for three reasons:

      1) Security: The application server needs to be able to access local routs using the same URL as end users. However, in many setups there are firewalls in place between the app server and the system which the respective DNS entries point to (e.g. the load balancer).

      2) Performance: This is very inefficient since to receive a fragment instead of requesting it directly from localhost, the request will go (in our case) a load balancer, firewall and reverse proxy simply to get at data which is available on the same machine.

      3) Reliability: In cases where the fragment relies on sticky sessions (which is not that unlikely, since user specific components are certainly one of the main use cases), the server might get the fragment not from itself but from some other app server since there is not way for the load balancer to know which server the request should go to.

      In order to fix that, the base URL used to retrieve fragments should be configurable as property or in the config. Thereby you could set it to http://localhost:8080/ and skip the detoure

      Additional bug: https://git.magnolia-cms.com/projects/ENTERPRISE/repos/sitemesh/browse/src/main/java/info/magnolia/sitemesh/content/inject/InjectUriTag.java#103
      If the URI is "/" then using substringBefore() gives you "https:" instead of the base URL you need. Using this method in this context is a very bad practice because it will fail in many circumstances (e.g. besides "/" there is also the case of "http://foo.asdf.com/foo" which would also return "https:/" instead of the full base URL)


          Issue Links



              • Assignee:
                rkovarik Roman Kovařík
                mkaiser Michael Kaiser
              • Votes:
                0 Vote for this issue
                3 Start watching this issue


                • Created:
                  Date of First Response: