Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[GWC-1234] Refactor inline JavaScript in the Demo Page #1236

Merged
merged 1 commit into from
May 13, 2024
Merged

[GWC-1234] Refactor inline JavaScript in the Demo Page #1236

merged 1 commit into from
May 13, 2024

Conversation

sikeoka
Copy link
Contributor

@sikeoka sikeoka commented Apr 18, 2024
edited
Loading

This PR moves the inline JavaScript in the Seed Controller into an external file. See #1234 for more information. This PR is related to Content-Security-Policy work for GeoServer 2.26.0 and should NOT be backported.

All Java inputs that were previously written directly into the script tag are now written to hidden input fields that the external JavaScript file will read. The previous Demo Page Java code had to mix HTML and JavaScript escaping depending on where inputs were being written to but the new code only needs to use HTML escaping.

The GetFeatureInfo output was previously handled with a JavaScript XMLHttpRequest call and writing the response into the DOM but is now handled by an iframe like the WMS GetMap OpenLayers3 output format. The reason for this is that the iframe uses its own CSP which allows the GetFeatureInfo HTML to use a more lenient CSP than the Demo page. For example, the GetFeatureInfo CSP can enable inline scripts even if the Demo Page CSP disables inline scripts.

Example of the hidden inputs:

<input type="hidden" id="hidden_gridsetName" value="EPSG:4326" />
<input type="hidden" id="hidden_gridNames" value="[&quot;EPSG:4326:0&quot;, &quot;EPSG:4326:1&quot;, ..." />
<input type="hidden" id="hidden_format" value="image/png" />
<input type="hidden" id="hidden_layerName" value="ne:boundary_lines" />
<input type="hidden" id="hidden_SRS" value="EPSG:4326" />
<input type="hidden" id="hidden_unit" value="degrees" />
<input type="hidden" id="hidden_resolutions" value="[0.703125, 0.3515625, 0.17578125, 0.087890625, ...]" />
<input type="hidden" id="hidden_tileWidth" value="256" />
<input type="hidden" id="hidden_tileHeight" value="256" />
<input type="hidden" id="hidden_minX" value="-180.0" />
<input type="hidden" id="hidden_maxY" value="90.0" />
<input type="hidden" id="hidden_isVector" value="false" />
<input type="hidden" id="hidden_maxX" value="180.0" />
<input type="hidden" id="hidden_minY" value="-90.0" />
<input type="hidden" id="hidden_fullGrid" value="false" />
<input type="hidden" id="hidden_origin" value="[-180.0, 90.0]" />
<input type="hidden" id="hidden_bbox" value="[-180.0,-90.0,180.0,90.0]" />
<input type="hidden" id="hidden_zoomBounds" value="[-140.99778,-54.89681,141.0338517600138,70.16419]" />```

@sikeoka sikeoka mentioned this pull request Apr 19, 2024
Merged
11 tasks
@aaime
Copy link
Member

aaime commented May 13, 2024

Tested interactively, appears to be working fine. Merging.

@aaime aaime merged commit acc8041 into GeoWebCache:main May 13, 2024
7 checks passed
@sikeoka sikeoka deleted the GWC-1234 branch May 16, 2024 15:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sikeoka @aaime