Problem/Motivation

This is basically an follow-up to #1926884: CDN module is not compatible with security fix in Drupal core update 7.20.
It looks like the farfuture option doesn't properly work with image style tokens in _cdn_basic_farfuture_generate_file().
The url's generated and called by that function won't contain the image style token and thus the idea of having a loop to ensure a file is available / generated doesn't work out anymore.

This presents in the watchdog log as numerous errors of the type cdn: Nested HTTP request to generate

Proposed resolution

Use the limited information we have about to url to figure out if it is an image style token is needed. If so generate the token and add it to the url before making the request.

Remaining tasks

Not yet tested with private files. But I assume it should work since the stream wrappers are handled dynamically.

User interface changes

None.

API changes

_cdn_basic_farfuture_generate_file() has new parameter as we need the orignal url with the stream wrapper prefix.

CommentFileSizeAuthor
#2 interdiff-0-2.txt369 bytesparanojik
#2 2407287-Farfuture-incopatible-with-image-style-tokens-2.patch2.7 KBparanojik
cdn-farfuture-image-style-token-compatibility.patch2.57 KBdas-peter

Comments

das-peter’s picture

das-peter commented

Just deployed this and the watchdog now shows notices instead criticals.
I hope these soon also disappear because the files are finally generated.

paranojik’s picture

paranojik commented
StatusFileSize
new 2407287-Farfuture-incopatible-with-image-style-tokens-2.patch2.7 KB
new interdiff-0-2.txt369 bytes

Tested. And works as expected. I only removed a redundant line. I think this is RTBC.

paranojik’s picture

paranojik commented
Title: Farfuture Option is incompatible wiht image style tokens (security fix in Drupal core update 7.20) » Farfuture Option is incompatible with image style tokens (security fix in Drupal core update 7.20)
Status: Needs review » Reviewed & tested by the community

...and changed the status :)

hswong3i’s picture

hswong3i commented

RTBC +1

johnennew’s picture

johnennew commented
Issue summary: View changes

This does appear to have solved this issue, prior to applying this patch i was receiving many WATCHDOG_ERROR messages (not WATCHDOG_INFO) of the type: WD cdn: Nested HTTP request to generate. After applying these appear to have stopped. I've updated issue summary to include this watchdog message which users might notice first.

wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Title: Farfuture Option is incompatible with image style tokens (security fix in Drupal core update 7.20) » "Far Future expiration" setting is incompatible with image style tokens (security fix in Drupal core update 7.20)
Priority: Normal » Critical
Status: Reviewed & tested by the community » Fixed

Manually tested, works perfectly.

I can't believe this slipped through the cracks back then :( This is why we need all these things to be unit testable… The CDN module in Drupal 8 will be so much more maintainable!

  • Wim Leers committed 03697aa on 7.x-2.x authored by paranojik 
    Issue #2407287 by paranojik, das-peter: Farfuture Option is incompatible...
wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented

#2050085: Generate File and #1966936: Intermittent failure to generate images are duplicates of this.

wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented

Another indirect duplicate: #2088503: CDN + Adaptive Image styles (AIS) for responsive images.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.