Comments (5)
Most people want their backends to have the smallest exposure possible. In this case (Reservoir) that would be done by only allowing requests to /jsonapi/*
URLs from public IP ranges.
from reservoir.
Wonderful! Glad to hear you were able to very quickly get started 👍
Reservoir (Drupal) is intentionally providing root-relative file URLs: so that you can easily prefix it with whichever host you're letting serve static files. Many will want to use a CDN. Others will want to set up Varnish or nginx. And more importantly: to prevent problems when switching from your dev environment to your prod environment.
If we'd be returning absolute URLs, and you would be using those directly, then it'd be trivial to figure out the back end's URL. You probably don't want to expose Reservoir to the world.
If you do want to use Reservoir's web server directly (which makes total sense for development), then the same base URL that you use to talk to Reservoir can also be used to access static files. In production, you'd change this to a CDN base URL.
Thoughts?
from reservoir.
Hello !
Good points, but how i am supposed to "prefix" url ( from my front-end ) when it is inside html of a rendered body ?
from reservoir.
Oh, I thought you were referring to a file URL for the "Image" field! But you're referring to a file URL embedded in the rich text. That's … a very good point.
I can think of multiple approaches:
- in your client, you can parse this HTML, then do
querySelectorAll('img[data-entity-type=file]')
to get all relevantimg
tags, and prefix theirsrc
- Reservoir could remove the ability to have embedded images
- Reservoir could add a filter with a "static file URL" setting that's exposed in Reservoir's UI, and then combined with https://www.drupal.org/node/2626924, there would not just be
field_body[value]
, but alsofield_body[processed]
, which would then contain the absolute file URL
Thoughts?
from reservoir.
I would say that it does not makes much sense from a client-side perspective to receive a rendered body with "broken" links. This add extra works on each client ( we may have several clients pointing to the same reservoir ) to fix those urls. This is not hard but it has to be replicated and maintained on all clients.
So I would expect an option in reservoir to send processed urls. This allows to configure CDN from reservoir (or to simply use reservoir server url), and reservoir is able to propagate right urls to all clients.
I dont see the issue with "then it'd be trivial to figure out the back end's URL", my XHR requests reveals it anyway
from reservoir.
Related Issues (20)
- Cannot install Reservoir sites using config management best practices HOT 7
- jsonapi 404 spits out HTML HOT 1
- Delete 'Content model' Article breaks openapi/jsonapi HOT 2
- Demo content types + content should be optional during the installation process HOT 3
- CORS configuration has no effect when using default services.yml HOT 2
- webflo/drupal-core-strict creates dependency conflicts
- Protect the /admin/api/advanced route HOT 2
- Add support for GraphQL HOT 15
- Refreshing an access token
- Can't install reservoir due to drupal-core-strict HOT 1
- Lightning combined with Reservoir HOT 2
- Composer install crashes on Install -- "Killed" before completing build HOT 2
- Integrate Reservoir with search HOT 1
- Reservoir doesn't install since drupal-scaffold 2.4.0 HOT 1
- Getting 500 error on hitting the api for taxonomy terms HOT 2
- Scale images on advanced API form
- Drupal's Security Model HOT 2
- composer create-project acquia/reservoir-project reservoir-project --stability=alpha failed HOT 2
- Challenging some CMS restrictions
- Are install steps correct? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from reservoir.