Ticket #8243 (confirmed Bug)

Opened 3 years ago

Last modified 20 months ago

CKEDITOR assumes basepath will include protocol

Reported by: airtonix Owned by:
Priority: Normal Milestone:
Component: General Version: 3.0
Keywords: Cc:

Description (last modified by j.swiderski) (diff)

As far as client side resources are concerned, a Django 1.3 project can describe two important context variables :

  1. STATIC_URL : This is where we access all files that aren't generated by server side logic and are required by the interface clientside logic or appearance.
  1. MEDIA_URL This is where all resources for client side usage that were uploaded by users is accessed.

keeping site theme files separate from user uploads means we can host them from different domains (usually subdomains of the root)

something.org static.something.org files.something.org

So now onto the problem I'm having with CKEditor :

I define my STATIC_URL and MEDIA_URL like so :

something.org files.something.org static.something.org

What this does for me is reduce the amount of HTTPS <> HTTP wrangling behind the scenes.

However, CKeditor fails to load for me becuase you're codebase assumes the BASE_PATH for ckeditor will explicitly be prefixed by a protocol. Sure i can change the STATIC_URL and MEDIA_URL to :

http://something.org http://files.something.org http://static.something.org

but now keeping the site secure and preventing session cookie bleed-over is a great deal more difficult.

tl;dr : Don't make assumptions about the URL from which you load ckeditor.


Please see comment:5 for short description of problem that user is getting in editor.

Change History

comment:1 Changed 3 years ago by airtonix

sigh,

I define my STATIC_URL and MEDIA_URL like so :

//something.org
//static.something.org
//files.something.org

comment:3 follow-up: ↓ 4 Changed 3 years ago by alfonsoml

  • Status changed from new to pending

Ok, you have explained that you have a problem, but you haven't stated what's the error, a url for testing, some simple test case to check it, ....

Also you haven't stated which browsers you have tested

Without any hints to understand what's going on we can't help you. And of course, you should test with the latest release, older releases like 3.4 contains bugs that have been fixed in later ones.

comment:4 in reply to: ↑ 3 Changed 3 years ago by airtonix

I'm Sorry. I thought I explained the situation quite well to be honest.

I'm not going to give you urls to my website because it's an intranet and I'm not going to pastebin the code because it contains private information.

The real problem is the regex code you use to determine where to get the imgs for ckeditor buttons.

The situation is avoiding 'unsecure content on a secure page'

I save a lot of development time and effort by using :

 //static.example.com/path/to/image-that-is-a-custom-ck-button.png

Instead of :

    http://static.example.com/path/to/image-that-is-a-custom-ck-button.png 

or

    https://static.example.com/path/to/image-that-is-a-custom-ck-button.png

using double forward-slash instead of explicitly specifying protocol means i don't have to create a function serverside when building templates to determine if the client is already on https or http.

man explaining this is really frustrating... I can not believe you do not understand this concept!

But i can't use the double forward-slash with your ckeditor because it ignores the double forward-slash and ends up using this as the path to the image for custom buttons :

    http://static.example.com/js/ckeditor/undefined/images/ckeditor/icon-image.png?t=B5GJ5GG

when it should be :

    //static.example.com/images/ckeditor/icon-image.png?t=B5GJ5GG

comment:5 Changed 20 months ago by j.swiderski

  • Status changed from pending to confirmed
  • Version changed from 3.4 to 3.0

man explaining this is really frustrating... I can not believe you do not understand this concept!

@airtonix it wasn't about the concept but about the problem you are getting in editor. That is all I was asking for - problem you get in CKEditor explained in plain words.

I see you have provided it in commnet:4 at the bottom:

But i can't use the double forward-slash with your CKEditor because it ignores the double forward-slash and ends up using this as the path to the image for custom buttons :

    http://static.example.com/js/ckeditor/undefined/images/ckeditor/icon-image.png?t=B5GJ5GG

when it should be :

    //static.example.com/images/ckeditor/icon-image.png?t=B5GJ5GG

comment:6 Changed 20 months ago by j.swiderski

  • Description modified (diff)

comment:7 Changed 20 months ago by j.swiderski

Similar issue #10068.

Note: See TracTickets for help on using tickets.
© 2003 – 2012 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy