[MSITEMESH-40] The base URL used to retrieve fragments should be configurable Created: 14/Apr/16  Updated: 02/May/16  Resolved: 25/Apr/16

Status: Closed
Project: SiteMesh
Component/s: None
Affects Version/s: 1.0.2
Fix Version/s: 1.0.3

Type: Improvement Priority: Major
Reporter: Michael Kaiser Assignee: Roman Kovařík
Resolution: Fixed Votes: 0
Labels: support
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
duplicate
is duplicated by MSITEMESH-39 Magnolia calls external URL when rend... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Documentation update required:
Yes
Date of First Response:
Sprint: Kromeriz 41
Story Points: 8

 Description   

The sitemesh module simply relies on the original browser URL to make its fragment requests. This is problematic for three reasons:

1) Security: The application server needs to be able to access local routes using the same URL as end users. However, in many setups there are firewalls in place between the app server and the system which the respective DNS entries point to (e.g. the load balancer).

2) Performance: This is very inefficient since to receive a fragment instead of requesting it directly from localhost, the request will go through (in our case) a load balancer, firewall and reverse proxy simply to get at data which is available on the same machine.

3) Reliability: In cases where the fragment relies on sticky sessions (which is not that unlikely, since user-specific components are certainly one of the main use cases), the server might get the fragment not from itself but from some other app server since there is no way for the load balancer to know which server the request should go to.

In order to fix that, the base URL used to retrieve fragments should be configurable as a property or in the config. Thereby you could set it to http://localhost:8080/ and skip the detour.

Additional bug: https://git.magnolia-cms.com/projects/ENTERPRISE/repos/sitemesh/browse/src/main/java/info/magnolia/sitemesh/content/inject/InjectUriTag.java#103
If the URI is "/" then using substringBefore() gives you "https:" instead of the base URL you need. Using this method in this context is a very bad practice because it will fail in many circumstances (e.g. besides "/" there is also the case of "http://foo.asdf.com/foo" which would also return "https:/" instead of the full base URL)
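
The substringBefore() failure described above, shown next to a parse-based alternative. This is an added example, not part of the original issue and not the InjectUriTag code: the class and method names are hypothetical, the helper only mirrors the behaviour of StringUtils.substringBefore for non-empty arguments, and the sample URLs are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class BaseUrlExample {

    // Mirrors Commons Lang StringUtils.substringBefore for non-null, non-empty arguments.
    static String substringBefore(String str, String separator) {
        int pos = str.indexOf(separator);
        return pos == -1 ? str : str.substring(0, pos);
    }

    // Fragile: cuts the request URL at the FIRST occurrence of the request path,
    // which may sit inside "://" or inside the host name.
    static String fragileBaseUrl(String requestUrl, String requestUri) {
        return substringBefore(requestUrl, requestUri);
    }

    // Parse-based: an explicitly configured base URL wins; otherwise keep only
    // scheme and authority of the parsed request URL.
    static String baseUrl(String configuredBaseUrl, String requestUrl) throws URISyntaxException {
        if (configuredBaseUrl != null && !configuredBaseUrl.isEmpty()) {
            return configuredBaseUrl;
        }
        URI u = new URI(requestUrl);
        if (u.getScheme() == null || u.getRawAuthority() == null) {
            throw new URISyntaxException(requestUrl, "absolute URL with an authority is required");
        }
        return u.getScheme() + "://" + u.getRawAuthority();
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed samples: { full request URL, request path }
        String[][] samples = {
            { "https://www.example.com/", "/" },
            { "http://foo.asdf.com/foo", "/foo" },
            { "https://www.example.com/products/list", "/products/list" },
        };
        for (String[] s : samples) {
            System.out.printf("%-40s fragile=%-26s parsed=%s%n",
                    s[0], fragileBaseUrl(s[0], s[1]), baseUrl(null, s[0]));
        }
        // With a configured value the request URL is not consulted at all.
        System.out.println(baseUrl("http://localhost:8080", "https://www.example.com/"));
    }
}
```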



 Comments   
Comment by Roman Kovařík [ 27/Apr/16 ]

For Docu:
You can set

/server/filters/sitemesh/decoratedFilter/contentProcessor/tagRuleBundles/magnolia/rules/InjectUriRule/tag/baseUrl to e.g. http://localhost:8080${contextPath}:

If not set, the base URL of the current request is used:
