Commit graph

11 commits

Author SHA1 Message Date
181125242c Bug 25548: Remove Apache rewrite directives that trigger redirects
Historically, we have used Apache rewrite directives to strip
query parameters with no arguments from the query
string (e.g. PARAM=&), and then redirect to the new URL.

However, this slows down user activity, and depending on your
HTTPS and proxy setup can cause suboptimal HTTP downgrades and
upgrades.

Test Plan:
0) Apply patch
1) Build Debian package
2) Install Debian package and reload Apache
3) Open developer tools on your favourite browser
4) Go to Network tab in developer tools
5) Go to /cgi-bin/koha/opac-main.pl
6) Search for "test"
7) Note a 200 status for "opac-search.pl?idx=&q=test"

If you got a 302 status for "opac-search.pl?idx=&q=test"
followed by a 200 status for "opac-search.pl?q=test", you
will know that your Apache configuration wasn't updated.

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-11-20 14:23:52 +01:00
95dc574501
Bug 16922: Add RewriteRule to apache-shared-intranet for dev package installs
As a simple alternative to the solution in bug 9949 or just as an
additional measure, this patch adds a rewrite rule for intranet
in order to intercept potential misuse of perl scripts that could be
reached on a dev package install via the cgi-bin/koha scriptalias.

It simply rewrites them to the nonexistent "notfound", resulting in a
regular 404 error.

The rewrite rule does not harm regular installs and is just a little extra
step in securing a dev install. You should have more security measures in
place to secure your staff client.

QA Note: Although a rewrite rule may not be our first choice, this one
rule is more elegant and easier to maintain than e.g. a whole bunch of
aliases.

Note: This patch should have a regular and a dev install signoff.

Test plan:
[1] Make sure that this rewrite rule is inserted in your actual apache
    config via /etc/koha/apache-shared-intranet.conf. Restart Apache.
[2] For regular package installs:
    Try one of the URLs in step 3.
    Verify that your staff client still operates as usual. Test a few
    URLs inside some modules.
[3] For dev installs:
    Try some URLs like below.
    Expect 404 errors only, not 500s. If you do not see a 404, go back!
    /misc/stage_file.pl
    /t/db_dependent/default_search_class.pl
    /installer/data/mysql/updatedatabase.pl
    /Makefile.PL
[4] Do you see an additional directory to add to the regex? Please report.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-27 10:43:16 +01:00
d135f229cd
Bug 22220: Fix bib Apache rewrite rule for intranet
Trivial change. Speaks for itself.
Since koha/detail.pl does not exist, we cannot break things ;)

Test plan:
[1] Copy the change in apache-shared-intranet.conf to your actual
    apache configuration. Probably in /etc/koha/.
[2] Restart Apache.
[3] Try a biblionumber say 123 on intranet with [your_staff_client]/bib/123.
    Does the detail page come up?

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-01-20 14:03:49 +00:00
c6b50f0bac Bug 21031: Apache Rewrite rules don't work for API when using anything but Debian package Plack configuration
The Rewrite rules for Apache don't work unless you're using
debian/templates/apache-shared-opac-plack.conf or
debian/templates/apache-shared-intranet-plack.conf.

This patch fixes the Rewrite rules for the non-Plack Debian
Apache configuration templates as well as the standard
Apache configuration file that comes with Koha.

__BEFORE APPLYING__
1. Visit /api/v1/app.pl/api/v1/spec on your git dev install
2. This should display a large page of JSON
3. Visit /api/v1/spec on your git dev install
4. This should generate a 404 error

__APPLY PATCH__

__AFTER APPLYING__
5. Visit /api/v1/app.pl/api/v1/spec on your git dev install
6. This should display a large page of JSON
7. Visit /api/v1/spec on your git dev install
8. This should display a large page of JSON (identical to
the one from earlier steps)

Signed-off-by: Ere Maijala <ere.maijala@helsinki.fi>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Passed QA with few notes posted separately to Bugzilla.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2018-08-02 10:23:08 -03:00
9b39b9d20b Bug 20259: Shorter JS and CSS rewrite rule
Bug 20187 has changed the JS and CSS rewrite rules to:
RewriteRule ^(.*)_[0-9][0-9]\.[0-9][0-9][0-9][0-9][0-9][0-9][0-9].js$ $1.js [L]
RewriteRule ^(.*)_[0-9][0-9]\.[0-9][0-9][0-9][0-9][0-9][0-9][0-9].css$ $1.css [L]

This patch changes these rules to use [0-9]{N} and fuses them into one rule.
It also escapes the dot in the js and css extensions.

Test plan:
1) Go to intranet and opac
2) Check CSS and JS are doing well
3) Apply patch changes on our Apache configuration
4) Reload intranet and opac pages (Ctrl + F5)
5) Check CSS and JS are doing well

Signed-off-by: Charles Farmer <charles.farmer@inLibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-22 13:30:46 +00:00
818f1c2f83 Bug 20187: (QA follow-up) Replace N,L flag by L flag
The flags [N,L] make no sense: next and last combined.
Choosing here for L to stop the rewriting process.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Victor Grousset <victor.grousset@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-13 12:54:32 -03:00
8cd0a76d10 Bug 20187: New rewrite rules can break custom css
Koha has the ability to include custom css in the apache configuration.
If a library has any custom css (or adds a custom js file in some way),
and that file has an underscore in it ( e.g. my_custom.css ), the
apache rewrite rule will convert it to my.css and thus it will 404.

We should make the rewrite rules as specific as possible for the
format we are using.

Test Plan:
1) Set OPAC_CSS_OVERRIDE to a file with an underscore in it
2) Note it does not work
3) Apply this patch
4) Update the apache rewrite rules to match those in the patch
   For kohadevbox, just run /home/vagrant/misc4dev/cp_debian_files.pl
5) Restart apache
6) Reload the page, your custom css should load now!

Signed-off-by: Victor Grousset <victor.grousset@biblibre.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-13 12:54:32 -03:00
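
The narrowing described in Bug 20187 and Bug 20259, as an added example that is not part of the Koha commits. Python's `re` stands in for Apache's regex engine, the merged rule is an assumed reading of the Bug 20259 description, and the over-broad pattern and all sample paths are constructed.

```python
import re

# Rules quoted in the Bug 20259 message (as introduced by Bug 20187).
# Note the unescaped "." in front of the extension.
RULES_20187 = [
    (re.compile(r"^(.*)_[0-9][0-9]\.[0-9][0-9][0-9][0-9][0-9][0-9][0-9].js$"), r"\1.js"),
    (re.compile(r"^(.*)_[0-9][0-9]\.[0-9][0-9][0-9][0-9][0-9][0-9][0-9].css$"), r"\1.css"),
]

# Assumed shape of the merged rule from Bug 20259 ({N} quantifiers, one rule,
# escaped dot); the committed text itself is not shown on this page.
RULES_MERGED = [
    (re.compile(r"^(.*)_[0-9]{2}\.[0-9]{7}\.(js|css)$"), r"\1.\2"),
]

# Constructed over-broad pattern that reproduces the breakage Bug 20187
# describes (my_custom.css -> my.css); not the project's actual earlier rule.
RULES_BROAD = [
    (re.compile(r"^(.*)_.*\.(js|css)$"), r"\1.\2"),
]

# Constructed request paths.
SAMPLES = [
    "/css/staff_18.0500000.css",  # versioned asset: should be rewritten
    "/css/my_custom.css",         # custom file with underscore: must stay as-is
    "/js/staff_18.0500000xjs",    # only matches if the dot is left unescaped
]


def rewrite(path, rules):
    """Apply the first matching rule, as RewriteRule with the [L] flag would."""
    for pattern, target in rules:
        match = pattern.match(path)
        if match:
            return match.expand(target)
    return path  # no rule matched: the path is served unchanged


def compare(paths=SAMPLES):
    """Return {path: (broad, bug_20187, merged)} rewrite results."""
    return {
        p: (rewrite(p, RULES_BROAD), rewrite(p, RULES_20187), rewrite(p, RULES_MERGED))
        for p in paths
    }


if __name__ == "__main__":
    for path, results in compare().items():
        print(path, "->", results)
```
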
43c67312a0 Bug 12904: Apache configuration
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
2018-02-08 14:53:23 -03:00
6e38b8b60f Bug 17030: Enable REST api on packages
This patch enables access to the REST API endpoint on packages setup.
It does so by patching the shared apache-shared-intranet.conf and
apache-shared-opac.conf.

You can build your own master packages with this patch applied, or just:

- Grab
  debian/templates/apache-shared-intranet.conf
  debian/templates/apache-shared-opac.conf
and overwrite their counterparts in /etc/koha on a packages setup. For example
in kohadevbox.
- Have Koha loaded with all default data
- Create a superlibrarian user for yourself
- Log in to the intranet and the OPAC
- Point your browser to:
  http://localhost:8080/api/v1/patrons/51
=> SUCCESS: You get JSON data, for the patron you requested
  http://localhost:8081/api/v1/patrons/51
=> SUCCESS: You get JSON data, for the patron you requested
- Sign off :-D

Note: I use the HTTPRequester addon for Firefox, re-using the CGISESSID value from the
browser session cookie, in the headers.

Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-08 13:17:34 +00:00
3fe6abc9d5 Bug 16777: Correct intranet search alias
A long-standing typo in our apache config files:
[intranet]/search refers to search.pl (which does not exist)

This patch refers it to catalogue/search.pl

Test plan:
Run an install or copy the change from apache-shared-intranet.conf or
koha-httpd.conf to your apache config. Restart Apache and check
if http://[your staff client]/search works.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Tested by making manual changes according to the patch. Did not test a
new installation.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-15 15:21:14 +00:00
Lars Wirzenius
27c6ab764c Split off koha-common.
koha-common will be suitable for hosts with multiple Koha instances,
or those that otherwise need to do things differently from the main
koha package.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-05-25 07:58:56 -04:00