Joomla! Issue Tracker | Joomla! CMS #37872 - [4] Cassipopeia. Banner image and nonces. Move Inline Css to HEAD

? ?

Fixed in Code Base
5 Jun 2022
Medium
Build: 4.1-dev
# 37872
Diff
ReLater:patch-3

Pending

User tests: Successful: Unsuccessful:

ReLater
23 May 2022

Summary of Changes

Adapt module layout code like found in layout default.php of mod_custom.

Testing Instructions

Current Firefox. Should be no difference with other browsers(?).
After installation of Joomla 4.1.3 you'll see a banner image in frontend. See image 1 below.
- It's inserted by a site module named "image" of type mod_custom that uses layout Cassiopeia:banner.php.
Activate plugin System - HTTP Headers and configure it.
- Activate Content-Security-Policy (CSP)
- Activate Nonce. Nothing else.
- Add a style-src Policy Directive: {nonce} 'self' 'unsafe-inline'
Go to frontend. Banner image is gone. See image 2 below.
Apply patch.
Image comes back. See image 1 below.

Image 1

Image 2

35d16b7 23 May 2022

Move Inline Css to HEAD

ReLater - open - 23 May 2022

ReLater - change - 23 May 2022

Status

New

⇒

Pending

joomla-cms-bot - change - 23 May 2022

Category

⇒

Front End Templates (site)

ChristineWk - test_item - 23 May 2022 - Tested successfully

ChristineWk - comment - 23 May 2022

I have tested this item ✅ successfully on 35d16b7

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/37872.}

dgrammatiko - comment - 24 May 2022

@ReLater although your approach seems to solve to problem, reality is that this approach is not gonna scale. Eg try editing the module in the backend and in the tinyMCE try to set the text alignment to right for the paragraph (it will be again broken). The solution obviously cannot be adding inline css declaration all around the layouts, this is a hack!

brianteeman - comment - 24 May 2022

@dgrammatiko in general you are correct. However in this specific case you are not. The css here is not user created but hardcoded into the template layout

dgrammatiko - comment - 24 May 2022

However in this specific case you are not.

Actually the current implementation is outdated. It can be done using an actual image tag instead of css background-image, ie: https://nystudio107.com/blog/the-css-background-image-property-as-an-anti-pattern

ReLater - comment - 24 May 2022

It was absolutely clear for me that there will not come a comment on the nonce issues over days, but when a pr is provided and I've wasted my time.

@dgrammatiko Can you tell me why you've tested the same solution successfully here? #32980

Kiss my ass! @dgrammatiko and Joomla! I think you don't need people like me. Keep the Joomla bugs and block security settings until one of your godfathers provides complicated solutions that nobody can follow and are complete bullshit behind the scene.

ReLater - close - 24 May 2022

ReLater - change - 24 May 2022

Status	Pending	⇒	Closed
Closed_Date	0000-00-00 00:00:00	⇒	2022-05-24 10:37:35
Closed_By		⇒	ReLater
Labels	Added: ?

HLeithner - change - 24 May 2022

Status	Closed	⇒	New
Closed_Date	2022-05-24 10:37:35	⇒
Closed_By	ReLater	⇒

HLeithner - change - 24 May 2022

Status

New

⇒

Pending

HLeithner - comment - 24 May 2022

I'm reopen this pull request, because I would accept it because it solves the problem in the first place. Improvements are always welcome.

@ReLater please be less rude in the future, you know we are all volunteers. Also you should know that maintainers are in charge for decline or approving pull requests. So it doesn't make sense to blame dimitries or brian for something they are not in the position to do. I hope we get this merged into 4.1 branch soon and get released with 4.1.5 (for 4.1.4 it's too late this will be released in a couple of hours).

HLeithner - reopen - 24 May 2022

brianteeman - comment - 24 May 2022

hey- what did I do? I said dmitris was wrong

HLeithner - comment - 24 May 2022

hey- what did I do? I said dmitris was wrong

sorry it wasn't directly related on your comment it was only because you also joined the discussion.

jwaisner - test_item - 1 Jun 2022 - Tested successfully

jwaisner - comment - 1 Jun 2022

I have tested this item ✅ successfully on 35d16b7

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/37872.}

jwaisner - change - 1 Jun 2022

Status

Pending

⇒

Ready to Commit

jwaisner - comment - 1 Jun 2022

RTC

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/37872.}

Fedik - comment - 4 Jun 2022

I have redo my fix for mod_custom to work without ID, also I include the banner.php layout
Please test #37976

bembelimen - comment - 5 Jun 2022

I'm aware, that the IDs are not correct in modules (not only mod_custom but also in the chromes), but because of B/C issues, I will merge this and it can then improved in minor/mayor releases.

bembelimen - close - 5 Jun 2022

bembelimen - merge - 5 Jun 2022

bembelimen - change - 5 Jun 2022

Status	Ready to Commit	⇒	Fixed in Code Base
Closed_Date	0000-00-00 00:00:00	⇒	2022-06-05 22:42:26
Closed_By		⇒	bembelimen
Labels	Added: ?

bembelimen - comment - 5 Jun 2022

Thx

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#37872] - [4] Cassipopeia. Banner image and nonces. Move Inline Css to HEAD

Summary of Changes

Testing Instructions

Add a Comment