wro4j and https

[Matt Raible]

I have a group in my wro.xml file that points to resources at http://foo.com/blah. This seems to work fine when I'm requesting the resource with http. The images use a relative path. However, when I switch to https, it uses an absolute path for images and still uses "http" instead of https. This causes a security warning in IE7 and IE8. Is there a way to make the https request use relative paths too?

Here's my wro.properties:

debug=false

managerFactoryClassName=ro.isdc.wro.manager.factory.ConfigurableWroManagerFactory

preProcessors=cssUrlRewriting,semicolonAppender,cssMinJawr

gzipResources=false

encoding=UTF-8

ignoreMissingResources=false

postProcessors=cssVariables,jsMin

uriLocators=servletContext,uri,classpath

Thanks,

Matt

[Alex Objelean]

Hi Mat,

this seems to be a bug. I'll open an issue and will fix it in next release. If there is a short term solution, I'll add it here.

Cheers,

Alex

--
You received this message because you are subscribed to the Google Groups "wro4j" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wro4j+un...@googlegroups.com.
To post to this group, send email to wr...@googlegroups.com.
Visit this group at http://groups.google.com/group/wro4j.
For more options, visit https://groups.google.com/groups/opt_out.

[Matt Raible]

The workaround I've used in the meantime is to remove cssUrlRewriting and then adding a UrlRewriteFilter rule to forward requests to images.

<!-- Fix image URLs in CSS -->
<rule>
    <from>^/assets/v/images</from>
    <to>/images</to>
</rule>

Normally, this might not be necessary, but I'm using the following technique to add versioning to the URL.

http://raibledesigns.com/rd/entry/versioning_static_assets_with_urlrewritefilter

You received this message because you are subscribed to a topic in the Google Groups "wro4j" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wro4j/8Wfq7gK_EcQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wro4j+un...@googlegroups.com.

[Alex Objelean]

Actually I wouldn't consider this a bug, but rather a custom use-case which require a custom configuration. 

One solution is to create a custom implementation of CssUrlRewritingProcessor which secures the external image references. You can see the implemented example here.

Let me know if you find this solution useful.

Cheers,

Alex

[Matt Raible]

I actually want it to be smart enough to use http when it's an http:// request and https when it's secure. I'm guessing removing the scheme might be the way to go (see below). Once I have this created, can I simply put the following in wro.properties:

managerFactoryClassName=ro.isdc.wro.manager.factory.ConfigurableWroManagerFactory

preProcessors=customCssUrlRewriting,semicolonAppender,cssMinJawr

I tried this, but I'm using the runtime filter and it seems to be failing.

Thanks,

Matt

public class CustomCssUrlRewritingProcessor extends CssUrlRewritingProcessor {

    private static final Logger LOG = LoggerFactory.getLogger(CustomCssUrlRewritingProcessor.class);

    /**

     * The alias used to register this processor. It is possible to use the same alias as original processor

     * ("cssUrlRewriting"), in such case custom processor will replace the original processor having a higher priority (@see

     * {@link Ordered} interface).

     */

    public static String ALIAS = "customCssUrlRewriting";

    @Override

    protected String replaceImageUrl(final String cssUri, final String imageUrl) {

        final String replacedCssUri = fixScheme(cssUri);

        return super.replaceImageUrl(replacedCssUri, imageUrl);

    }

    private String fixScheme(final String cssUri) {

        String fixedUri = cssUri.replace("http://", "//");

        return fixedUri.replace("https://", "//");

    }

}

[Matt Raible]

Here's the error I'm getting:

ro.isdc.wro.WroRuntimeException: Invalid strategy alias provided: <customCssUrlRewriting>. Available aliases are: [conformColors, consoleStripper, cssCompressor, cssDataUri, cssImport, cssMin, cssMinJawr, cssUrlRewriting, cssVariables, duplicateAwareCssDataUri, fallbackCssDataUri, jsMin, lessCssImport, multilineStripper, semicolonAppender, variablizeColors]

at ro.isdc.wro.model.resource.support.AbstractConfigurableMultipleStrategy.getConfiguredStrategies(AbstractConfigurableMultipleStrategy.java:56)

at ro.isdc.wro.model.resource.processor.factory.ConfigurableProcessorsFactory.getPreProcessors(ConfigurableProcessorsFactory.java:164)

at ro.isdc.wro.model.group.processor.PreProcessorExecutor.applyPreProcessors(PreProcessorExecutor.java:184)

at ro.isdc.wro.model.group.processor.PreProcessorExecutor.processAndMerge(PreProcessorExecutor.java:103)

at ro.isdc.wro.model.group.processor.PreProcessorExecutor.processAndMerge(PreProcessorExecutor.java:77)

at ro.isdc.wro.model.group.processor.GroupsProcessor.process(GroupsProcessor.java:83)

How do I register customCssUrlRewriting as a processor?

The CstomCssUrlRewritingProcessor below is in my classpath.

[Matt Raible]

I was able to get this to work by creating a CustomProcessorProvider:

public class CustomProcessorProvider implements ProcessorProvider {

    @Override

    public Map<String, ResourcePreProcessor> providePreProcessors() {

        final Map<String, ResourcePreProcessor> map = new HashMap<String, ResourcePreProcessor>();

        map.put(CustomCssUrlRewritingProcessor.ALIAS, new CustomCssUrlRewritingProcessor());

        return map;

    }

    @Override

    public Map<String, ResourcePostProcessor> providePostProcessors() {

        final Map<String, ResourcePostProcessor> map = new HashMap<String, ResourcePostProcessor>();

        map.put(CustomCssUrlRewritingProcessor.ALIAS, new CustomCssUrlRewritingProcessor());

        return map;

    }

}

And then registering it in src/main/resourcesMETA-INF/services/ro.isdc.wro.model.resource.processor.support.ProcessorProvider

Here's my custom URL rewriter:

public class CustomCssUrlRewritingProcessor extends CssUrlRewritingProcessor {

    /**

     * The alias used to register this processor. It is possible to use the same alias as original processor

     * ("cssUrlRewriting"), in such case custom processor will replace the original processor having a higher priority (@see

     * {@link Ordered} interface).

     */

    public static String ALIAS = "customCssUrlRewriting";

    @Override

    protected String replaceImageUrl(final String cssUri, final String imageUrl) {

        String url = super.replaceImageUrl(cssUri, imageUrl);

        return removeScheme(url);

    }

    private String removeScheme(final String imageUrl) {

        String fixedUri = imageUrl.replace("http://", "//");

        return fixedUri.replace("https://", "//");

    }

}

Any reason this shouldn't be a part of the default cssUrlRewriting processor? 

Thanks,

Matt

[Alex Objelean]

This approach should work. Unless anybody else is aware about potential problems caused by this approach, I don't mind using it as the default.

I'll create an issue and will fix it for the next release.

Thanks,

Alex

[Alex Objelean]

Here is the issue for this problem: issue796

Will fix it as part of 1.7.2 release.

Thanks for the hint.

Cheers,

Alex

[Alex Objelean]

I think there is a potential problem:

what if the external server you are using to fetch css and images from, doesn't have a valid SSL certificate or doesn't serve resources over HTTPS at all?

Thanks,

Alex

[Matt Raible]

Yes, this could certainly be a problem. In fact, I noticed that after I implemented this yesterday, I experienced exactly that. 

To fix, I used my custom URL rewriter to strip out the server name and make the reference to images a relative path. Then I used UrlRewriteFilter to proxy the requests to the remote server. Of course, I had to add the remote server's certificate to my server's keystore for this to work.