artanis
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pub Directories

From: Jaft
Subject: Re: pub Directories
Date: Tue, 24 Nov 2020 20:28:17 +0000 (UTC)
Oh, no worries; if it's more secure, that's obviously more important.

The thing that throws me off, though, is that the URL I'm trying to hit directly doesn't contain pub.

Basically, I can pull CSS files directly, just fine, by putting https://domain/css/file.css into the browser but trying to do the equivalent for one of the fonts (say, https://domain/font/font.ttf) results in not being able to access the file.

The static file is in the public (pub) directory (albeit in a directory in the public directory), I'm not using pub in the URL, and I'm not referencing anything relatively (.. or the like) so I thought that would've been able to work, still.

Artanis throws up the following error when I try to access the font:

[REASON] Client 127.0.0.1 had visited an invalid path /font/font.ttf

Is there, potentially, a restriction on the type of static files that can be accessed? Accessing HTML snippets I have in the root of the public directory directly (https://domain/file.html) works fine, as well.

Jonathan

On Monday, November 23, 2020, 10:45:47 PM CST, Nala Ginrut <mulei@gnu.org> wrote:



I think this is related to a recent security fix:
https://lists.gnu.org/archive/html/artanis/2020-10/msg00008.html

Here're 2 critical points:
1. Related path of static files in URL will not work anymore.
2. `pub' shouldn't appear in URL anymore.

This fix breaks the older behaviour of URL remapping, but it's important
for security.
Sorry for that, it's all my fault.

Best regards.


Jaft writes:

>  *Should I (be able to do something like that?)
>    On Saturday, November 21, 2020, 10:23:32 PM CST, Jaft <jaft.r@outlook.com> wrote:
>
>  Hey, Nala.
> Did any of the commits you made in the last month change how public files work?
> I'd made a directory called font in the pub directory to store fonts to use and, now, they don't seem to be recognized as existing.
>
> I have a CSS file (under the css directory) that refers to them via url('../font/font.name') but even trying to visit the file via URL (https://domain/font/font.name) throws a 404.
> I should be able to do something like that? I don't remember if the manual ever said so explicitly but I figured I could use things that way since pub is supposed to hold all public files. None of my HTML snippets seem to've been disturbed (I've just been putting them directly in pub, rather than in a particular directory) and my CSS in the css directory has been loading fine, still.
> Jonathan



--
GNU Powered it
GPL Protected it
GOD Blessed it
HFG - NalaGinrut
Fingerprint F53B 4C56 95B5 E4D5 6093 4324 8469 6772 846A 0058

reply via email to
[Prev in Thread] Current Thread [Next in Thread]