Codeberg-Infrastructure
/
build-deploy-gitea
18
16
Fork 18
Code Issues 7 Pull Requests 1 Releases Wiki Activity
Labels Milestones

Re-allow hosting HTML, JS & CSS from *.org #50

Merged
hw merged 1 commits from momar/build-deploy-gitea:bugfix/fix-raw-content-type into master 3 months ago
Conversation 15 Commits 1 Files Changed 1
momar commented 1 year ago
Owner

This resolves a regression from 5553585631 - Content-Type: text/plain was mistakenly set on pages like fonts.codeberg.org for HTML, JS and CSS files.

This resolves a regression from 5553585631 - `Content-Type: text/plain` was mistakenly set on pages like fonts.codeberg.org for HTML, JS and CSS files.
hw commented 1 year ago
Owner

Can you please also review #52?

Can you please also review #52?
momar commented 1 year ago
Poster
Owner

Did that, I guess they're quite closely related and don't work at the same time, but solve different issues 🙈

Did that, I guess they're quite closely related and don't work at the same time, but solve different issues 🙈
momar force-pushed bugfix/fix-raw-content-type from df67f0f85f to b23d3e83ac 1 year ago
momar commented 1 year ago
Poster
Owner

This has now been rebased to include #52, together with some changes (see Codeberg/build-deploy-gitea#52).

This has now been rebased to include #52, together with some changes (see https://codeberg.org/Codeberg/build-deploy-gitea/issues/52#issuecomment-183030).
momar commented 1 year ago
Poster
Owner

I have deployed this to codeberg-test.org, and raw content it works when adding 116.203.144.175 raw.codeberg.eu to /etc/hosts (.eu instead of .page because it doesn't have HSTS; .page instead of .org because raw.* doesn't work on .org, as seen in #52).

I have deployed this to codeberg-test.org, and raw content it works when adding `116.203.144.175 raw.codeberg.eu` to `/etc/hosts` (`.eu` instead of `.page` because it doesn't have HSTS; `.page` instead of `.org` because `raw.*` doesn't work on `.org`, as seen in #52).
hw commented 1 year ago
Owner

I have deployed this to codeberg-test.org, and raw content it works when adding 116.203.144.175 raw.codeberg.eu to /etc/hosts (.eu instead of .page because it doesn't have HSTS; .page instead of .org because raw.* doesn't work on .org, as seen in #52).

not sure if I understand, where is the reference to .page coming from?

> I have deployed this to codeberg-test.org, and raw content it works when adding `116.203.144.175 raw.codeberg.eu` to `/etc/hosts` (`.eu` instead of `.page` because it doesn't have HSTS; `.page` instead of `.org` because `raw.*` doesn't work on `.org`, as seen in #52). not sure if I understand, where is the reference to `.page` coming from?
momar commented 1 year ago
Poster
Owner

Because I'm not sure what domain is intended to be used for raw.* - it doesn't seem to be raw.codeberg.org, because b23d3e83ac/var/www/pages/index.php (L47) is in the else branch, so it won't work on *.org - my question mainly is if that was intended.

Because I'm not sure what domain is intended to be used for `raw.*` - it doesn't seem to be `raw.codeberg.org`, because https://codeberg.org/Codeberg/build-deploy-gitea/src/commit/b23d3e83ac2654ad8d6bba6001097f1acf14d1cd/var/www/pages/index.php#L47 is in the `else` branch, so it won't work on `*.org` - my question mainly is if that was intended.
momar force-pushed bugfix/fix-raw-content-type from 684342ffad to b23d3e83ac 1 year ago
momar force-pushed bugfix/fix-raw-content-type from b23d3e83ac to 48c37c9d8d 1 year ago
momar commented 1 year ago
Poster
Owner

I just rebased this onto master - what's missing here @hw? Do you want raw.codeberg.org, raw.codeberg.page or raw.codeberg.eu? Security-wise it shouldn't matter.

I just rebased this onto master - what's missing here @hw? Do you want raw.codeberg.org, raw.codeberg.page or raw.codeberg.eu? Security-wise it shouldn't matter.
hw commented 1 year ago
Owner

Because I'm not sure what domain is intended to be used for raw.* - it doesn't seem to be raw.codeberg.org, because b23d3e83ac/var/www/pages/index.php (L47) is in the else branch, so it won't work on *.org - my question mainly is if that was intended.

raw.* content must be served from dedicated domain (can be included from any site, the reason people asked for this is to be able to securely embed cross-site content).

> Because I'm not sure what domain is intended to be used for `raw.*` - it doesn't seem to be `raw.codeberg.org`, because https://codeberg.org/Codeberg/build-deploy-gitea/src/commit/b23d3e83ac2654ad8d6bba6001097f1acf14d1cd/var/www/pages/index.php#L47 is in the `else` branch, so it won't work on `*.org` - my question mainly is if that was intended. `raw.*` content must be served from dedicated domain (can be included from any site, the reason people asked for this is to be able to securely embed cross-site content).
hw commented 1 year ago
Owner

I just rebased this onto master - what's missing here @hw? Do you want raw.codeberg.org, raw.codeberg.page or raw.codeberg.eu? Security-wise it shouldn't matter.

Either .page/.eu, or a new dedicated domain (if we think this is worth it). The main missing bit was a thourough review ;)

> I just rebased this onto master - what's missing here @hw? Do you want raw.codeberg.org, raw.codeberg.page or raw.codeberg.eu? Security-wise it shouldn't matter. Either `.page/.eu`, or a new dedicated domain (if we think this is worth it). The main missing bit was a thourough review ;)
momar added 1 commit 1 year ago
momar commented 1 year ago
Poster
Owner

Hm, you're right that Cookies might be set across subdomains.

I just disabled CORS to get-it-on.codeberg.org and docs.codeberg.org with an additional commit; it's needed though for design.codeberg.org and fonts.codeberg.org.

I think codeberg-raw.org or something makes sense for the raw content? But as this basically contains everything CORS-related, what can we do to make design.codeberg.org finally work? Deploy this as it is so raw.codeberg.page and raw.codeberg.eu works?

Hm, you're right that Cookies might be set across subdomains. I just disabled CORS to get-it-on.codeberg.org and docs.codeberg.org with an additional commit; it's needed though for design.codeberg.org and fonts.codeberg.org. I think codeberg-raw.org or something makes sense for the raw content? But as this basically contains everything CORS-related, what can we do to make design.codeberg.org finally work? Deploy this as it is so raw.codeberg.page and raw.codeberg.eu works?
👍 1
momar force-pushed bugfix/fix-raw-content-type from c6582ad10b to 4bc21c7082 1 year ago
momar commented 1 year ago
Poster
Owner

Alright, it's now using the Gitea API and contains a lot of extra measurements to make sure that the path is safe.

URL format is now: https://raw.codeberg.page/username/reponame/@branch/path/to/file, with the @branch component being optional. LFS or other identifiers than the branch are not possible with this version, but I guess that's alright for now.

Fun fact: I'm also working on a new Pages server in Go that supports repositories with a pages branch (like https://example.codeberg.page/myrepo/), caching, compression, and custom domains with Let's Encrypt.

Alright, it's now using the Gitea API and contains a lot of extra measurements to make sure that the path is safe. URL format is now: https://raw.codeberg.page/username/reponame/@branch/path/to/file, with the `@branch` component being optional. LFS or other identifiers than the branch are not possible with this version, but I guess that's alright for now. Fun fact: I'm also working on a new Pages server in Go that supports repositories with a `pages` branch (like https://example.codeberg.page/myrepo/), caching, compression, and custom domains with Let's Encrypt.
❤️ 1
hw commented 1 year ago
Owner

We should set the Link: <URL>; rel="canonical" HTTP header for branches, to avoid redundant indexing by search engines, and keep crawler traffic within reasonable bounds, also add a disallow wildcard to robots.txt.

We should set the `Link: <URL>; rel="canonical"` HTTP header for branches, to avoid redundant indexing by search engines, and keep crawler traffic within reasonable bounds, also add a disallow wildcard to `robots.txt`.
👍 1
hw commented 1 year ago
Owner

I just disabled CORS to get-it-on.codeberg.org

Shouldn't badges be embeddable across sites?

> I just disabled CORS to get-it-on.codeberg.org Shouldn't badges be embeddable across sites?
hw merged commit 4bc21c7082 into master 1 year ago
hw commented 1 year ago
Owner

Merged for early testing, let's address the comments above in follow-up PR.

Merged for early testing, let's address the comments above in follow-up PR.
👍 1
momar commented 1 year ago
Poster
Owner

Shouldn't badges be embeddable across sites?

They are - CORS is basically only needed when requesting something directly from JavaScript, or if it's a web font. Embedding pictures or even scripts and stylesheets doesn't need CORS.

> Shouldn't badges be embeddable across sites? They are - CORS is basically only needed when requesting something directly from JavaScript, or if it's a web font. Embedding pictures or even scripts and stylesheets doesn't need CORS.
The pull request has been merged as 4bc21c7082.
Sign in to join this conversation.
Reviewers
Request review
No reviewers
Labels
Apply labels
Clear labels
inadvertently closed
Closed because of updated branch names - might still be valid! Kind: Breaking Kind: Bug Kind: Enhancement Kind: Feature Kind: Maintenance Kind: Question Kind: Security Kind: Testing Priority: Critical
The priority is critical Priority: High
The priority is high Priority: Low
The priority is low Priority: Medium
The priority is medium Status: Blocked Status: Completed
Work is complete Status: Help wanted Status: In progress
Work is in progress Status: Needs feedback
Feedback is needed Status: Stale
No Label inadvertently closed Kind: Breaking Kind: Bug Kind: Enhancement Kind: Feature Kind: Maintenance Kind: Question Kind: Security Kind: Testing Priority: Critical Priority: High Priority: Low Priority: Medium Status: Blocked Status: Completed Status: Help wanted Status: In progress Status: Needs feedback Status: Stale
Milestone
Set milestone
Clear milestone
No items
No Milestone
Assignees
Assign users
Clear assignees
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

This pull request currently doesn't have any dependencies.

Write Preview
Loading…
Cancel
Save
There is no content yet.
Delete Branch 'momar/build-deploy-gitea:bugfix/fix-raw-content-type'

Deleting a branch is permanent. It CANNOT be undone. Continue?

No
Yes