In the webserver-volto-plone example, it is not possible to see the Lead Image block image of private contents #16

Closed
wesleybl opened this issue May 19, 2022 · 4 comments

@wesleybl
Member

When we create a Lead Image block, the Manager cannot see the image in the block until the content is published.

What I did:

git clone git@github.com:plone/plone-frontend.git
cd plone-frontend/examples/webserver-volto-plone
docker-compose up -d
  • Not logged into the backend, I accessed Volto at:

http://localhost

  • I created a News Item
  • Added a Lead Image
  • I added a Lead Image block in the body of the text
  • I saved the News Item

The image is not shown in the block.

In Chrome devtools I see the image request:

http://localhost/news/@@images/2acb7e75-838e-43bd-a686-7d48cfc01d1b.png

But it gets a 302, redirecting to

https://localhost/acl_users/credentials_cookie_auth/require_login?came_from=/news/%40%40images/2acb7e75-838e-43bd-a686-7d48cfc01d1b.png

That is, it is as if the user does not have permission.

In the nginx configuration, I see that requests to @@image are sent directly to the backend, without going through the frontend:

location ~ /(@@download|@@images|@@ical_view) {
    rewrite ^(.*) /VirtualHostBase/http/$server_name/Plone/VirtualHostRoot$1 break;
    proxy_pass http://backend;
    break;
}

It seems that in this situation, either the auth token is not passed to the backend, or the token passed is not valid in this request.

When I remove this configuration, making the request go through the frontend, everything works fine.

@wesleybl
Member Author

I see: plone/volto#581

That is, a fix was made in Volto to access images of private content. So we have to go through it. Can we remove the nginx configuration that makes the request directly to the backend?

@ericof @sneridagh @tisto @cekk

@sneridagh
Member

@wesleybl indeed, the NGINX config must be removed. There's no sense for it. Probably some leftover from the original Volto seamless mode.
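
Added example, not part of the issue thread or the plone-frontend repository: a Python check that approximates nginx location selection and lists which request paths are proxied straight to the `backend` upstream, bypassing the frontend as described in the issue. The first `location` block is the one quoted above; the `frontend` upstream name and the catch-all `location /` block are assumptions, and Python's `re` stands in for nginx's PCRE matching.

```python
import re

# Constructed sample: the location block quoted in the issue plus an assumed
# catch-all that proxies to a hypothetical "frontend" upstream.
SAMPLE_CONF = r"""
location ~ /(@@download|@@images|@@ical_view) {
    rewrite ^(.*) /VirtualHostBase/http/$server_name/Plone/VirtualHostRoot$1 break;
    proxy_pass http://backend;
    break;
}
location / {
    proxy_pass http://frontend;
}
"""

LOCATION_RE = re.compile(r"location\s+(?:(=|~\*|~|\^~)\s+)?(\S+)\s*\{([^{}]*)\}")
PROXY_RE = re.compile(r"proxy_pass\s+https?://([^/;\s]+)")

def parse_locations(conf):
    """Return (modifier, pattern, upstream) for each flat location block."""
    found = []
    for mod, pattern, body in LOCATION_RE.findall(conf):
        proxy = PROXY_RE.search(body)
        found.append((mod, pattern, proxy.group(1) if proxy else None))
    return found

def select_location(locations, path):
    """Approximate nginx's choice: exact, longest prefix, then first regex."""
    best = None
    for loc in locations:
        mod, pattern, _ = loc
        if mod == "=" and path == pattern:
            return loc
        if mod in ("", "^~") and path.startswith(pattern):
            if best is None or len(pattern) > len(best[1]):
                best = loc
    if best and best[0] == "^~":
        return best  # "^~" suppresses regex locations
    for loc in locations:
        flags = re.IGNORECASE if loc[0] == "~*" else 0
        if loc[0] in ("~", "~*") and re.search(loc[1], path, flags):
            return loc
    return best

def direct_backend_paths(conf, paths, backend="backend"):
    """Return (path, location pattern) pairs that proxy straight to `backend`."""
    locations = parse_locations(conf)
    picks = [(p, select_location(locations, p)) for p in paths]
    return [(p, loc[1]) for p, loc in picks if loc and loc[2] == backend]
```

Running `direct_backend_paths(SAMPLE_CONF, [...])` with the image URL path from the issue reports the regex location; with that block removed, the same path falls through to the catch-all and nothing is reported.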

@ericof
Member

ericof commented May 27, 2022

I agree.

@wesleybl
Member Author

Another thing I noticed is that on the Volto demo site:

https://volto.kitconcept.com/

when we authenticate, the __ac cookie is placed in the browser. This does not occur on a vanilla installation. With the __ac cookie, it is possible for nginx to request images directly from Plone.

So the question is: How did this cookie appear? Will the pas plugin be cited by @vangheem in plone/volto#581 (comment)?

Maybe @tisto knows something about it?

@ericof ericof closed this as completed in fa02e52 Jun 6, 2022