Re-allow hosting HTML, JS & CSS from *.org #50
Merged
hw
merged 1 commits from momar/build-deploy-gitea:bugfix/fix-raw-content-type
into master
3 months ago
Loading…
Reference in new issue
There is no content yet.
Delete Branch 'momar/build-deploy-gitea:bugfix/fix-raw-content-type'
Deleting a branch is permanent. It CANNOT be undone. Continue?
This resolves a regression from
5553585631
-Content-Type: text/plain
was mistakenly set on pages like fonts.codeberg.org for HTML, JS and CSS files.Can you please also review #52?
Did that, I guess they're quite closely related and don't work at the same time, but solve different issues 🙈
df67f0f85f
tob23d3e83ac
1 year agoThis has now been rebased to include #52, together with some changes (see Codeberg/build-deploy-gitea#52).
I have deployed this to codeberg-test.org, and raw content it works when adding
116.203.144.175 raw.codeberg.eu
to/etc/hosts
(.eu
instead of.page
because it doesn't have HSTS;.page
instead of.org
becauseraw.*
doesn't work on.org
, as seen in #52).not sure if I understand, where is the reference to
.page
coming from?Because I'm not sure what domain is intended to be used for
raw.*
- it doesn't seem to beraw.codeberg.org
, becauseb23d3e83ac/var/www/pages/index.php (L47)
is in theelse
branch, so it won't work on*.org
- my question mainly is if that was intended.684342ffad
tob23d3e83ac
1 year agob23d3e83ac
to48c37c9d8d
1 year agoI just rebased this onto master - what's missing here @hw? Do you want raw.codeberg.org, raw.codeberg.page or raw.codeberg.eu? Security-wise it shouldn't matter.
raw.*
content must be served from dedicated domain (can be included from any site, the reason people asked for this is to be able to securely embed cross-site content).Either
.page/.eu
, or a new dedicated domain (if we think this is worth it). The main missing bit was a thourough review ;)Hm, you're right that Cookies might be set across subdomains.
I just disabled CORS to get-it-on.codeberg.org and docs.codeberg.org with an additional commit; it's needed though for design.codeberg.org and fonts.codeberg.org.
I think codeberg-raw.org or something makes sense for the raw content? But as this basically contains everything CORS-related, what can we do to make design.codeberg.org finally work? Deploy this as it is so raw.codeberg.page and raw.codeberg.eu works?
c6582ad10b
to4bc21c7082
1 year agoAlright, it's now using the Gitea API and contains a lot of extra measurements to make sure that the path is safe.
URL format is now: https://raw.codeberg.page/username/reponame/@branch/path/to/file, with the
@branch
component being optional. LFS or other identifiers than the branch are not possible with this version, but I guess that's alright for now.Fun fact: I'm also working on a new Pages server in Go that supports repositories with a
pages
branch (like https://example.codeberg.page/myrepo/), caching, compression, and custom domains with Let's Encrypt.We should set the
Link: <URL>; rel="canonical"
HTTP header for branches, to avoid redundant indexing by search engines, and keep crawler traffic within reasonable bounds, also add a disallow wildcard torobots.txt
.Shouldn't badges be embeddable across sites?
4bc21c7082
into master 1 year agoMerged for early testing, let's address the comments above in follow-up PR.
They are - CORS is basically only needed when requesting something directly from JavaScript, or if it's a web font. Embedding pictures or even scripts and stylesheets doesn't need CORS.
4bc21c7082
.