Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Static assets are hardcoded to be readed from /self-hosted/ folder on the init migration #10633

Open
rafaelromcar-parabol opened this issue Jan 7, 2025 · 2 comments · May be fixed by #10640
Open

Static assets are hardcoded to be readed from /self-hosted/ folder on the init migration #10633

rafaelromcar-parabol opened this issue Jan 7, 2025 · 2 comments · May be fixed by #10640
Assignees
@mattkrick
Labels
bug p2 Needs to be addressed on a reasonable timescale

Comments

@rafaelromcar-parabol
Copy link
Contributor

rafaelromcar-parabol commented Jan 7, 2025
edited
Loading

Issue - Bug

  • How serious is the bug? P2 but must be addressed asap.
  • OS: macOS / Linux / Windows / ?
  • Browser: Chrome / Safari / Lynx / ? + version
  • Node version: node --version
  • NPM version: npm --version

When the init migration is run, the static assets are hardcoded to be pulled from the instance domain /self-hosted path, which makes the external file store provider useless. Those static assets, the most basic ones for our application, aren't pushed to the external file store provider. And the clients are pulling them from the web server directly, instead of using a bucket or a CDN. That could provoke slowness or even be an attack vector, risking the application availability.

This only affects newly created instances, created from scratch using Parabol >v8. The init migration should be rebased, in order to fix it, replacing the hardcoded path with a variable, depending on the file store provider.

Problem is here. More information on the Slack thread

Acceptance Criteria (optional)

Static assets are read from their actual location
Triage is performed to find the root cause of the bug, timeboxed to ~1 hour.

Estimated effort: 1 hour to triage. More if root cause is already identified.
@github-project-automation github-project-automation bot moved this to To triage in Product Jan 8, 2025
@jordanh
Copy link
Contributor

jordanh commented Jan 8, 2025

Hi @rafaelromcar-parabol ! I am here to triage this.

Could you give me a bit more context on this finding? What is this bug in the way of?

@jordanh jordanh added the p2 Needs to be addressed on a reasonable timescale label Jan 8, 2025
@rafaelromcar-parabol
Copy link
Contributor Author

Sorry for that, context added to the issue @jordanh

@mattkrick mattkrick linked a pull request Jan 8, 2025 that will close this issue
Open
@mattkrick mattkrick moved this from To triage to In review in Product Jan 8, 2025
@mattkrick mattkrick moved this to Review/QA in Bugs/Support Jan 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mattkrick mattkrick

Labels
bug p2 Needs to be addressed on a reasonable timescale
Projects
Bugs/Support
Status: Review/QA
Product
Status: In review
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: rebase migrations, remove draft-js enitrely ParabolInc/parabol
3 participants
@jordanh @mattkrick @rafaelromcar-parabol