(core) move some untagged assets served on plugin port

Summary: Some untagged assets on the plugin port could be a problem if that port is merged with the regular Grist app port, so we nest them within a non-conflicting path (/plugins/assets). Test Plan: see if a test fails anywhere Reviewers: georgegevoian Reviewed By: georgegevoian Differential Revision: https://phab.getgrist.com/D4116
2024-10-27 20:44:07 +00:00 · 2023-11-14 14:14:08 -05:00 · 2023-11-14 14:14:08 -05:00 · 12317097f7
commit 12317097f7
parent 5197891427
3 changed files with 10 additions and 5 deletions
--- a/app/server/lib/FlexServer.ts
+++ b/app/server/lib/FlexServer.ts
@ -596,14 +596,19 @@ export class FlexServer implements GristServer {

  // Plugin operation relies currently on grist-plugin-api.js being available,
  // and with Grist's static assets to be also available on the untrusted
-  // host.  The assets should be available without version tags.
+  // host.  The assets should be available without version tags, but not
+  // at the root level - we nest them in /plugins/assets.
  public async addAssetsForPlugins() {
    if (this._check('pluginUntaggedAssets', 'dir')) { return; }
    this.app.use(/^\/(grist-plugin-api.js)$/, expressWrap(async (req, res) =>
      res.sendFile(req.params[0], {root: getAppPathTo(this.appRoot, 'static')})));
    // Plugins get access to static resources without a tag
-    this.app.use(limitToPlugins(this, express.static(getAppPathTo(this.appRoot, 'static'))));
-    this.app.use(limitToPlugins(this, express.static(getAppPathTo(this.appRoot, 'bower_components'))));
+    this.app.use(
+      '/plugins/assets',
+      limitToPlugins(this, express.static(getAppPathTo(this.appRoot, 'static'))));
+    this.app.use(
+      '/plugins/assets',
+      limitToPlugins(this, express.static(getAppPathTo(this.appRoot, 'bower_components'))));
    // Serve custom-widget.html message for anyone.
    this.app.use(/^\/(custom-widget.html)$/, expressWrap(async (req, res) =>
      res.sendFile(req.params[0], {root: getAppPathTo(this.appRoot, 'static')})));
--- a/test/fixtures/plugins/browserInstalledPlugins/plugins/custom-section/test-subscribe-api.html
+++ b/test/fixtures/plugins/browserInstalledPlugins/plugins/custom-section/test-subscribe-api.html
@ -1,7 +1,7 @@
 <html>
  <head>
    <script src="/grist-plugin-api.js"></script>
-    <script src="/jquery/dist/jquery.min.js"></script>
+    <script src="/plugins/assets/jquery/dist/jquery.min.js"></script>
    <script src="test-subscribe-api.js"></script>
  </head>
  <body>
--- a/test/fixtures/plugins/browserInstalledPlugins/plugins/dummy-importer/index.html
+++ b/test/fixtures/plugins/browserInstalledPlugins/plugins/dummy-importer/index.html
@ -3,7 +3,7 @@
    <script src="/grist-plugin-api.js"></script>
    <script src="script.js"></script>
    <!-- jquery is required for running browser test (see: `test/browser/webdriverjq.js`) -->
-    <script src="/jquery/dist/jquery.min.js"></script>
+    <script src="/plugins/assets/jquery/dist/jquery.min.js"></script>
    <style type="text/css">
      body {
        background-color: #ffffffb0;