Shopware Sales Channels - CORS problems with assets on different domains - shopware

Note: After writing the question, someone from our team had an idea that this may be related to the domain of the server on which Webpack runs when building the assets, and is only coincidentally related to our sales channel domains, which is kind of supported by the observations.
This would mean that while Shopware/Symfony serves the assets, the asset building is where the problem occurs. Therefore I am leaving the original question intact, because the original question still stands.
I have set up several sales channels for two separate brands with two separate domains on my Shopware instance. The setup is similar to the following:
Brand ABC general shop - example.org (uses ABC theme)
Brand ABC US shop - example.org/us (uses ABC theme)
Brand DEF general shop - secondexample.org (uses DEF theme)
Brand DEF US shop - secondexample.org/us (uses DEF theme)
with the ABC and DEF themes both inheriting from a base theme.
Now, the problem is that I have some icons and assets in my twig files, such as
{% sw_icon 'example-icon' %}
<img src="{{ asset('bundles/defthemeplugin/assets/media/example-media.gif', 'asset') }}">
After setting everything up, I have noticed that the code above returns an absolute URL in the Example domain, e.g. example.org/bundles/defthemeplugin/assets/media/example-media.gif. This results in assets not being downloaded by the browser due to CORS requests being rejected.
Now, interestingly enough, I have found three more clues:
The secondexample.org/us website has the same absolute URLs as the HTML rendered in the secondexample.org sales channel, pointing to the example.org domain
If I change the first sales-channel's URL to thirdexample.org, then the asset URLs on secondexample.org still point to example.org
This is in no way connected to APP_URL in .env, as this is set to a different value that doesn't pop up in asset URLs
After every step/experiment I cleared the cache, rebuilt the JS, etc.
The whole project has a somewhat complicated architecture, but I believe I can describe it in more detail if need be. I have also not checked what happens on example.org when it is swapped to some third domain, as currently I am not able to test that scenario.
My question is - where can I find the configuration or logic that decides what domain (or what string) gets put in front of the assets, icons, and all.css or all.js files for a given sales channel domain? Bonus question - how can I influence it so that the right domain is used for these links?
The Shopware version this was tested on is 6.4.10

I think you are right and this happens during the build process.
Checking the theme we are using, I found the variable #{$sw-asset-theme-url} is used:
@font-face {
src: url('#{$sw-asset-theme-url}/bundles/ ....
}
This is put on the fly into var/theme-variables.scss in the ThemeCompiler.
So if you want to use the same theme from different domains, you might need to add the CORS headers.
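The CORS headers the answer suggests, as an added example that is not Shopware's or the theme's code: a Python function deciding the Access-Control-Allow-Origin response for a font or asset request on example.org that comes from a page on secondexample.org. It assumes a fixed, constructed allow-list of sales channel origins rather than a wildcard, and would run in whatever serves /bundles/ (the web server or a Symfony response listener).

```python
from typing import Dict, Optional, Set
from urllib.parse import urlsplit

# Constructed allow-list: the origins of the sales channels that embed assets
# served from this host.  Exact origins (scheme + host), no wildcards.
ALLOWED_ORIGINS: Set[str] = {
    "https://example.org",
    "https://secondexample.org",
}


def cors_headers(origin: Optional[str],
                 allowed: Set[str] = ALLOWED_ORIGINS) -> Dict[str, str]:
    """Return the CORS response headers for a request under /bundles/.

    Browsers only send an Origin header for cross-origin loads, and fonts
    loaded via @font-face are always CORS requests, so this is the path the
    secondexample.org storefront takes when it fetches a font from example.org.
    The origin is matched as a whole after lowercasing, never by substring,
    so "https://secondexample.org.evil.example" or "http://secondexample.org"
    get no Access-Control-Allow-Origin and the browser blocks the load.
    "Vary: Origin" is always set so a shared cache does not replay one
    channel's response to another.
    """
    headers: Dict[str, str] = {"Vary": "Origin"}
    if not origin:
        return headers  # same-origin or non-browser request: nothing to add
    parts = urlsplit(origin)
    if not parts.scheme or not parts.netloc:
        return headers  # e.g. the literal "null" origin from sandboxed frames
    normalised = f"{parts.scheme.lower()}://{parts.netloc.lower()}"
    if normalised not in allowed:
        return headers  # unknown origin: omit the header, the browser refuses
    headers["Access-Control-Allow-Origin"] = normalised
    headers["Access-Control-Allow-Methods"] = "GET, HEAD"
    return headers
```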

Related

What is the best way to add a custom 'TLD' to a webview in electron

I have a webview in an electron app that serves webpages via some other elements like an address bar, or the inherent clicking of a link. I am making a browser that serves up real webpages and it works as it should, but I would like to find a way to add a custom TLD to the webview in electron.
e.g. https://kristconsole.kst -> looks up the A record at https://krist.ceriat.net/names/kristconsole, serves the page in the fake 'A' record and masks the URL in that 'A' record to kristconsole.kst.
If the 'A' record is https://google.com/ then I want kristconsole.kst to be masked as the URL, but I want it to display https://google.com/'s contents.
Perhaps there is some kind of proxy/dns that I can run through electron to add my fictional tld with masking to the site that actually serves the content.
What I have tried: I have tried listening to events on clicking and webpage switching on the webview, but it seems inefficient if there is another method that can just mask the URL.
Any help is very appreciated!
Fisher
EDIT: I should have added more information: the .kst TLD is the only one I want to add, as it is a fictional TLD used in a project that some friends and I are doing. How it works is you use the fictional cryptocurrency to 'buy' these .kst domains, and I want to mask them over whatever URL the user picks when they register/update the domain name.

Multiple domains and web app in Business Catalyst

I have set up a secondary domain on my BC hosting successfully and have already set it up to point to a homepage and the url stays the way I wish, for example www.[secondary domain].com
I now want to setup a web app to use my secondary domain rather than my default, does anyone know how I would achieve this?
For example, at present it looks like this: www.[default domain].com/[webapp name]/ and I would really want it to read www.[secondary domain].com/[webapp name]
I am going to have to use redirects when promoting the page and just accept that the proper url is going to be www.[default domain].com/[webapp name]/
BC serves all content the same, no matter which domain it is accessed from.
Proper server-side 301 redirects are unavailable, since BC gives us no method to discriminate by domain. You can perform a client-side 'redirect' though, after comparing the hostname in JavaScript (with something like document.location.host).
There is also Liquid Markup, which you can use to detect the domain and vary the served content accordingly.
You'll need to ensure all links to the app are fully qualified, including the preferred domain.
I'd also add canonical links (<link rel="canonical" href="...">) to each page of the app. This will indicate the preferred domain to search engines.
Note the inverse is also a problem; content on your primary domain will also be accessible through the secondary domain, causing rank dilution / duplicate content issues.

HTTPS Failing on Media in Magento

I'm having a problem with a client's Magento site that has HTTPS enabled on the secure pages.
The website is built heavily around static block content, and on the HTTPS pages images are pulled from static blocks (over 400 of them) using the media insert in the static block {{media url="media/bla/bla/bob.png"}}; these images are coming through as http://site.com/media/bla/bla/bob.png
It's not realistic, and it wouldn't make any sense, to go through and change all these links to direct links.
Any ideas?
Cheers
Roly!
You are supposed to use {{store url=""}} or {{secure_base_url}}media/ in your blocks.
If you're not certain whether your page will be on HTTPS or HTTP, use the first one; if you know for sure that the request will be HTTPS, use the second one. (NOTE: the second is a system config path, not the actual value that you'll put in the CMS block.)
Hope it helps.
Whereas media files are not subject to a fallback, and being aware that the directory level for Magento may change w/r/t the webroot (e.g. http://site.com/ vs. http://site.com/magento/), you can lead with the double-slash network location:
<img src="//media/bla/bob.png" />
Therefore, a search and replace against the current data in cms_block.content is indicated.
I'll reiterate that this is not appropriate for skin assets due to the fallback.

How can I prevent Amazon Cloudfront from hotlinking?

I use Amazon CloudFront to host all my site's images and videos, to serve them faster to my users, who are pretty scattered across the globe. I also apply pretty aggressive forward caching to the elements hosted on CloudFront, setting Cache-Control to public, max-age=7776000.
I've recently discovered to my annoyance that third party sites are hotlinking to my Cloudfront server to display images on their own pages, without authorization.
I've configured .htaccess to prevent hotlinking on my own server, but haven't found a way of doing this on CloudFront, which doesn't seem to support the feature natively. And, annoyingly, Amazon's Bucket Policies, which could be used to prevent hotlinking, have effect only on S3; they have no effect on CloudFront distributions [link]. If you want to take advantage of the policies you have to serve your content from S3 directly.
Scouring my server logs for hotlinkers and manually changing the file names isn't really a realistic option, although I've been doing this to end the most blatant offenses.
You can forward the Referer header to your origin
Go to CloudFront settings
Edit Distributions settings for a distribution
Go to the Behaviors tab and edit or create a behavior
Set Forward Headers to Whitelist
Add Referer as a whitelisted header
Save the settings in the bottom right corner
Make sure to handle the Referer header on your origin as well.
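The origin-side handling the last step mentions, as an added example that is not AWS or CloudFront code: a Python check your origin could run over the forwarded Referer header, with a constructed allow-list of hosts. Since any client can set Referer, this deters casual hotlinking rather than enforcing access; links that must not be shared need signed URLs or cookies instead.

```python
from typing import Optional, Set
from urllib.parse import urlsplit

# Constructed allow-list: hosts whose pages may embed this site's media.
# Subdomains of an entry are accepted as well (e.g. www.example.com).
ALLOWED_HOSTS: Set[str] = {"example.com"}


def referer_host(referer: Optional[str]) -> Optional[str]:
    """Return the lowercase host of a Referer value, or None if absent/unparseable."""
    if not referer:
        return None
    parts = urlsplit(referer)
    return parts.hostname.lower() if parts.hostname else None


def allow_request(referer: Optional[str], allowed: Set[str] = ALLOWED_HOSTS,
                  allow_missing: bool = True) -> bool:
    """Decide whether the origin should serve the asset.

    The decision is made on the parsed host, not on the raw header string:
    a plain suffix test on the raw value would accept a Referer such as
    "https://evil.example/?u=https://example.com" because the string ends
    with the allowed name.  A missing Referer is allowed by default, because
    Referrer-Policy, privacy settings and direct navigation all drop it; set
    allow_missing=False only if you are prepared to break those visitors.
    """
    host = referer_host(referer)
    if host is None:
        return allow_missing
    return any(host == a or host.endswith("." + a) for a in allowed)
```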
We had numerous hotlinking issues. In the end we created css sprites for many of our images. Either adding white space to the bottom/sides or combining images together.
We displayed them correctly on our pages using CSS, but any hotlinks would show the images incorrectly unless they copied the CSS/HTML as well.
We've found that they don't bother (or don't know how).
The official approach is to use signed URLs for your media. For each media piece that you want to distribute, you can generate a specially crafted URL that works within a given constraint of time and source IPs.
One approach for static pages is to generate temporary URLs for the media included in that page that are valid for 2x the page's caching time. Let's say your page's caching time is 1 day. Every 2 days, the links would be invalidated, which obligates the hotlinkers to update their URLs. It's not foolproof, as they can build tools to get the new URLs automatically, but it should prevent most people.
If your page is dynamic, you don't need to worry about trashing your page's cache, so you can simply generate URLs that only work for the requester's IP.
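The time-bound and IP-bound links this answer describes, as an added example that is not AWS code: a small HMAC-signed URL scheme that mirrors the two checks (expiry aligned to 2x the cache time, optional requester IP) so the rotation logic can be followed end to end. CloudFront's real mechanism signs a JSON policy with an RSA key pair and verifies it at the edge; the secret, paths and IPs here are constructed.

```python
import hashlib
import hmac
from typing import Dict
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-secret-do-not-reuse"  # constructed; rotate a real one
CACHE_TTL = 86400  # the page's cache lifetime from the answer: 1 day


def window_end(now: int, ttl: int = CACHE_TTL) -> int:
    """Expiry at the end of the current 2x-ttl window, so a page cached for ttl
    seconds never outlives the links it contains (every 2 days with a 1-day ttl)."""
    window = 2 * ttl
    return (now // window + 1) * window


def _mac(path: str, expires: int, ip: str) -> str:
    msg = f"{path}|{expires}|{ip}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def sign_url(path: str, now: int, client_ip: str = "") -> str:
    """Static pages: leave client_ip empty (the link is shared by all visitors).
    Dynamic pages: pass the requester's IP so the link only works for them."""
    expires = window_end(now)
    q: Dict[str, str] = {"expires": str(expires), "sig": _mac(path, expires, client_ip)}
    if client_ip:
        q["ip"] = client_ip
    return f"{path}?{urlencode(q)}"


def verify_url(url: str, now: int, client_ip: str) -> bool:
    """Server-side check: expiry first, then IP binding, then constant-time MAC."""
    parts = urlsplit(url)
    q = parse_qs(parts.query)
    try:
        expires = int(q["expires"][0])
        sig = q["sig"][0]
    except (KeyError, ValueError):
        return False
    bound_ip = q.get("ip", [""])[0]
    if now >= expires:
        return False
    if bound_ip and bound_ip != client_ip:
        return False
    # Recompute over the same fields, so dropping the ip parameter also fails.
    return hmac.compare_digest(sig, _mac(parts.path, expires, bound_ip))
```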
As of Oct. 2015, you can use AWS WAF to restrict access to Cloudfront files. Here's an article from AWS that announces WAF and explains what you can do with it. Here's an article that helped me setup my first ACL to restrict access based on the referrer.
Basically, I created a new ACL with a default action of DENY. I added a rule that checks the end of the referer header string for my domain name (lowercase). If it passes that rule, it ALLOWS access.
After assigning my ACL to my Cloudfront distribution, I tried to load one of my data files directly in Chrome and I got this error:
As far as I know, there is currently no solution, but I have a few possibly relevant, possibly irrelevant suggestions...
First: Numerous people have asked this on the Cloudfront support forums. See here and here, for example.
Clearly AWS benefits from hotlinking: the more hits, the more they charge us for! I think we (Cloudfront users) need to start some sort of heavily orchestrated campaign to get them to offer referer checking as a feature.
Another temporary solution I've thought of is changing the CNAME I use to send traffic to cloudfront/s3. So let's say you currently send all your images to:
cdn.blahblahblah.com (which redirects to some cloudfront/s3 bucket)
You could change it to cdn2.blahblahblah.com and delete the DNS entry for cdn.blahblahblah.com
As a DNS change, that would knock out all the people currently hotlinking before their traffic got anywhere near your server: the DNS entry would simply fail to look up. You'd have to keep changing the cdn CNAME to make this effective (say once a month?), but it would work.
It's actually a bigger problem than it seems because it means people can scrape entire copies of your website's pages (including the images) much more easily - so it's not just the images you lose and not just that you're paying to serve those images. Search engines sometimes conclude your pages are the copies and the copies are the originals... and bang goes your traffic.
I am thinking of abandoning Cloudfront in favor of a strategically positioned, super-fast dedicated server (serving all content to the entire world from one place) to give me much more control over such things.
Anyway, I hope someone else has a better answer!
This question mentioned image and video files.
Referer checking cannot be used to protect multimedia resources from hotlinking, because some mobile browsers do not send a Referer header when requesting an audio or video file played using HTML5.
I am sure of that about Safari and Chrome on iPhone and Safari on Android.
Too bad! Thank you, Apple and Google.
How about using signed cookies? Create a signed cookie using a custom policy, which also supports the various kinds of restrictions you want to set, and it also supports wildcards.

SharePoint - provisioning url properties through CAML?

Is there a solution to the following that I am missing in SharePoint/CAML. Note that I'll give a specific example of using a URL on a Redirect Page (publishing feature content type), but the issue is broader in scope than provisioning a Redirect Page. It is really a question anywhere a "URL" field/property can be set (web parts, pages, etc).
Like most SharePoint developers, I have a set of environments: "DEV", "QA", "STAGING", and "PROD". I have a few "locale" specific sites in each environment:
www.mysite.com
us.mysite.com
uk.mysite.com
etc...
Sites in each environment, other than PROD, have an environment prefix associated with them, for example:
us.dev.mysite.com
us.qa.mysite.com
us.staging.mysite.com
Probably a pretty common setup...
I have a need to redirect users to a page that only exists on the "www" site from each of the locale specific sites. I need the redirect to redirect users to appropriate "www" site for the environment they are currently in. For example, if I am in dev in the uk locale, and I visit the redirect page, I should be redirected to the www dev site.
I was hoping to use a "Redirect Page" from SharePoint to accomplish this. I was going to setup a feature (with module elements) to provision an instance of the "Redirect Page" content type. This allows me to specify a url to redirect users to. If I am provisioning the page through CAML, however, I need a way to ensure the redirect is appropriate for the environment being specified. I cannot trust myself, or other devs, to remember to change the URL each time we build and deploy the wsp to each environment.
Is there any way in SharePoint/CAML to do some sort of token replacement based on some switch when specifying field/property values?
I'm not sure I understand your requirements entirely, but for the variance of environments (Dev, QA, Staging, Prod), I would use Chris O'Brien's 'Config Store' feature:
http://www.sharepointnutsandbolts.com/2008/05/introducing-sharepoint-config-store-for.html
This will create a simple list where you can store information specific to the current environment.
Combine this with Gary Lapointe's stsadm extensions:
http://stsadm.blogspot.com/2007/08/stsadm-commands_09.html
You can use this to push out the correct values per environment to your 'Config Store' and in your code, query the 'config store list' for the environment value.
For sites that represent different countries, you can vary them on the regional settings property for that site/site collection/web. This adds another dimension to check in your code.
In your case, you may have entry in the config store called 'MyPrefixUrl' and call its value + relative path to redirect the user to the correct place.
Hope this doesn't confuse you.