feat: enhance asset path handling to include config directory and improve assets directory validation #604
Conversation
…rove assets directory validation
| @@ -262,6 +262,7 @@ func (a *application) server() (func() error, func() error) { | |||
| absAssetsPath, _ = filepath.Abs(a.Config.Server.AssetsPath) | |||
| assetsFS := fileServerWithCache(http.Dir(a.Config.Server.AssetsPath), 2*time.Hour) | |||
| mux.Handle("/assets/{path...}", http.StripPrefix("/assets/", assetsFS)) | |||
| mux.Handle("/config/{path...}", http.StripPrefix("/config/", assetsFS)) | |||
There was a problem hiding this comment.
This is a gigantic security hole because not everyone will use environment variables for their passwords/API keys, and you're exposing their configs.
|
I don't think this change is necessary because you can already do this by having the assets directory within your config directory, mounting just the config directory and then specifying the location of the assets within server:
assets-path: /app/config/assets |
if I keep custom I understand that my modifications might be wrong, but if there is any other option to use single path or with multiple sub dir for all the files please add a support |
|
You must specify the path relative to the server URL, not relative to local path: server:
# this is a local directory path
assets-path: /app/config/assets
theme:
# this is a server URL path and will resolve to www.example.com/assets/user.css
custom-css-file: /assets/user.css
branding:
logo-url: /assets/logo.png
favicon-url: /assets/favicon.png |
aah you are right, may bad it was confusing a little now i get this |
|
not relevant PR as it already works |
Support Flexible Asset Path Resolution for Local and Docker Environments
Allow users to organize their Glance files in two ways:
/configdirectory/config(settings) and/assets(static files) - Existing setupChanges:
Single Volume Setup