Skip to content

[4] Cassipopeia. Banner image and nonces. Move Inline Css to HEAD#37872

Merged
bembelimen merged 1 commit intojoomla:4.1-devfrom
ReLater:patch-3
Jun 5, 2022
Merged

[4] Cassipopeia. Banner image and nonces. Move Inline Css to HEAD#37872
bembelimen merged 1 commit intojoomla:4.1-devfrom
ReLater:patch-3

Conversation

@ReLater
Copy link
Contributor

@ReLater ReLater commented May 23, 2022

Summary of Changes

  • Adapt module layout code like found in layout default.php of mod_custom.

Testing Instructions

  • Current Firefox. Should be no difference with other browsers(?).

  • After installation of Joomla 4.1.3 you'll see a banner image in frontend. See image 1 below.

    • It's inserted by a site module named "image" of type mod_custom that uses layout Cassiopeia:banner.php.
  • Activate plugin System - HTTP Headers and configure it.

    • Activate Content-Security-Policy (CSP)
    • Activate Nonce. Nothing else.
    • Add a style-src Policy Directive: {nonce} 'self' 'unsafe-inline'
  • Go to frontend. Banner image is gone. See image 2 below.

  • Apply patch.

  • Image comes back. See image 1 below.

Image 1

grafik

Image 2

grafik

@ChristineWk
Copy link

I have tested this item ✅ successfully on 35d16b7


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/37872.

@dgrammatiko
Copy link
Contributor

@ReLater although your approach seems to solve to problem, reality is that this approach is not gonna scale. Eg try editing the module in the backend and in the tinyMCE try to set the text alignment to right for the paragraph (it will be again broken). The solution obviously cannot be adding inline css declaration all around the layouts, this is a hack!

@brianteeman
Copy link
Contributor

@dgrammatiko in general you are correct. However in this specific case you are not. The css here is not user created but hardcoded into the template layout

@dgrammatiko
Copy link
Contributor

However in this specific case you are not.

Actually the current implementation is outdated. It can be done using an actual image tag instead of css background-image, ie: https://nystudio107.com/blog/the-css-background-image-property-as-an-anti-pattern

@ReLater
Copy link
Contributor Author

ReLater commented May 24, 2022

It was absolutely clear for me that there will not come a comment on the nonce issues over days, but when a pr is provided and I've wasted my time.

@dgrammatiko Can you tell me why you've tested the same solution successfully here? #32980

Kiss my ass! @dgrammatiko and Joomla! I think you don't need people like me. Keep the Joomla bugs and block security settings until one of your godfathers provides complicated solutions that nobody can follow and are complete bullshit behind the scene.

@HLeithner
Copy link
Member

I'm reopen this pull request, because I would accept it because it solves the problem in the first place. Improvements are always welcome.

@ReLater please be less rude in the future, you know we are all volunteers. Also you should know that maintainers are in charge for decline or approving pull requests. So it doesn't make sense to blame dimitries or brian for something they are not in the position to do. I hope we get this merged into 4.1 branch soon and get released with 4.1.5 (for 4.1.4 it's too late this will be released in a couple of hours).

@HLeithner HLeithner reopened this May 24, 2022
@brianteeman
Copy link
Contributor

hey- what did I do? I said dmitris was wrong

@HLeithner
Copy link
Member

hey- what did I do? I said dmitris was wrong

sorry it wasn't directly related on your comment it was only because you also joined the discussion.

@jwaisner
Copy link
Member

jwaisner commented Jun 1, 2022

I have tested this item ✅ successfully on 35d16b7


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/37872.

@jwaisner
Copy link
Member

jwaisner commented Jun 1, 2022

RTC


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/37872.

@joomla-cms-bot joomla-cms-bot added the RTC This Pull Request is Ready To Commit label Jun 1, 2022
@Fedik
Copy link
Member

Fedik commented Jun 4, 2022

I have redo my fix for mod_custom to work without ID, also I include the banner.php layout
Please test #37976

@bembelimen
Copy link
Contributor

I'm aware, that the IDs are not correct in modules (not only mod_custom but also in the chromes), but because of B/C issues, I will merge this and it can then improved in minor/mayor releases.

@bembelimen bembelimen merged commit c780363 into joomla:4.1-dev Jun 5, 2022
@joomla-cms-bot joomla-cms-bot removed the RTC This Pull Request is Ready To Commit label Jun 5, 2022
@bembelimen
Copy link
Contributor

Thx

@bembelimen bembelimen added this to the Joomla 4.1.5 milestone Jun 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

10 participants

Comments