[Kolab-devel] Roundcube CSRF Patch and assets path

Daniel Hoffend dh at dotlan.net
Mon Sep 15 12:24:16 CEST 2014


I'm currently seeing problems with the CSRF Patch and the asset path 
configuration option.

The CSRF Patch introduced the $config['assets_path'] variable to 
correctly link to css, scripts and images.

Currently the pykolab package suggests to configure the assets_path to 
'/roundcubemail/assets/'. But this results in URLs generated like this 
(in the html code).
http://kolab.example.org/roundcubemail/roundcubemail/assets/<something>

When I set the assets_path to '/assets/' then the urls are expended to 
hostname/roundcubemail/assets/... and everything seems to work fine. But 
IMHO this is a very fundamental problem. An URL starting with a "/" 
sounds to be like an absolute URL. An absolute URL shouldn't be expended 
with the base directory. If I want to have a relative URL I would 
configure 'assets/' and not '/assets/';

btw. I don't see a Problem in the Apache Configuration. The Apache Conf 
and the rewrites needed for the CSRF patch and support of old plugins 
are working fine. I don't see any need to included rewrites that should 
fix double'd assets paths like /roundcubemail/roundcubemail/ ...

IMO i see 3 options

1) Use /assets/ again as assets_path in the setup-kolab templates and 
ignore the fact that /assets/ is not an absolute url.
2) Use asset/ as assets_path (which seems to work but doesn't fix the 
leading / problem)
3) fix the CSRF patch that an assets_path with leading / does not get 
the url expanded


--
Regards
Daniel Hoffend
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5714 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/devel/attachments/20140915/fdbe576d/attachment.bin>


More information about the devel mailing list