Joern Nettingsmeier wrote:
> Andreas Hartmann wrote:
>> Andreas Hartmann wrote:
>>> Hi Lenya devs,
>>>
>>> ATM it is allowed to use URLs like
>>>
>>> /{pub-id}/{module}/foo.xml
>>>
>>> This interferes with areas.
>>> Specifically, the UuidToUrlTransformer rewrites
>>>
>>> /default/resource/icons/...
>>>
>>> to
>>>
>>> /default/authoring/icons/...
>>>
>>> because "resource" is not the current area. That's why the icon on
>>> resource pages doesn't appear.
> 
> iirc there was consensus to get rid of the area concept in future
> developments, so we should not add more area-handling code now if
> possible...

Agreed. So maybe we should add a small workaround to the
uuid2url transformer.

> anyways, why does the transformer have to rewrite what it thinks is the
> "area" part of the URL at all?

/*
 * This is legacy code. It rewrites links to
 * non-document images (in resources/shared). These
 * images shouldn't be referenced in documents since
 * this violates the separation between content and
 * layout.
 */

The URLs have to be rewritten, e.g., when publishing a document.
We could just match for "authoring" here, that should do for the
moment.


>>> Another problem is that it doesn't work with proxies out of the
>>> box, since the area's URL space is not self-contained.
>>>
>>>
>>> We could change this to
>>>
>>> /{pub}/{area}/{module}
>>>
>>> but this would imply a reserved URL space for each module which
>>> can't be used for content.
> 
> -1, since there is no way for users to know which module names are
> reserved.

Agreed.


>>> Or:
>>>
>>> /{pub}/{area}/modules/{module}/...
>>> /{pub}/{area}/lenya-modules/{module}/...
>>>
>>> The former is less verbose, but more likely to cause URL clashes. The
>>> latter is probably quite safe.
>>>
>>> OTOH, some people might not want external URLs to contain the name
>>> of the CMS. Should we make this configurable?
> 
> i'd very much prefer convention over configuration in such matters.
> and for the reason you stated, i prefer "modules".

Is this sufficient re. forward compatibility, or should we use
"lenya/modules", in case there are other CMS-related URL spaces
to come?


> although it would
> still be distinct enough that an attacker could easily google for lenya
> sites to exploit lenya security holes... but as long as we have areas,
> we're wide open to such attacks anyways, since most sites will have
> "live" in their uris somewhere unless they are proxying.
> 
> 
>> We could use a configurable prefix (preset to "lenya"):
>>
>> /{pub}/{area}/{lenya-prefix}/modules
>>
>> For instance
>>
>> /default/authoring/lenya/modules
>> /yourpub/authoring/cms/modules
> 
> -1
> this thing will be a world of pain to support...

Yes, that's true.

Thanks for your comments!

-- Andreas
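
The rewrite behaviour and the "match for authoring" workaround discussed in this message, as an added example that is not part of the original mail and not Lenya's code. The class and method names, the simplified path handling and the sample URLs are assumptions made for illustration.

```java
/** Simplified model of the area rewrite discussed above; not Lenya's code. */
public class AreaRewriteDemo {

    // Behaviour as described in the thread: a second path segment that is
    // not the current area is taken for an area and replaced.
    static String rewriteLegacy(String url, String currentArea) {
        String[] p = url.split("/", 4); // "", pub, segment, rest
        if (p.length < 4 || p[2].equals(currentArea)) {
            return url;
        }
        return "/" + p[1] + "/" + currentArea + "/" + p[3];
    }

    // Proposed workaround: only a literal "authoring" segment is rewritten.
    static String rewriteAuthoringOnly(String url, String targetArea) {
        String[] p = url.split("/", 4);
        if (p.length < 4 || !p[2].equals("authoring")) {
            return url;
        }
        return "/" + p[1] + "/" + targetArea + "/" + p[3];
    }

    public static void main(String[] args) {
        // Constructed sample URLs following the patterns in the thread.
        String moduleUrl = "/default/resource/icons/folder.gif";
        String contentUrl = "/default/authoring/news/index.html";
        String proposedUrl = "/default/authoring/modules/resource/icons/folder.gif";

        // Module URL is mangled: "resource" is mistaken for an area.
        System.out.println(rewriteLegacy(moduleUrl, "authoring"));
        // With the workaround the module URL passes through unchanged ...
        System.out.println(rewriteAuthoringOnly(moduleUrl, "live"));
        // ... while content links are still moved to the target area on publish.
        System.out.println(rewriteAuthoringOnly(contentUrl, "live"));
        // Under /{pub}/{area}/modules/{module}/... the area is always segment two,
        // so the module URL follows the document into the target area.
        System.out.println(rewriteAuthoringOnly(proposedUrl, "live"));
    }
}
```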

