Drupal version 7.20 has a security fix to the core Image module that is incompatible with the CDN module:
http://drupal.org/drupal-7.20-release-notes
In rare cases, this change may alter the way HTTP caches or CDNs handle the images. Sites using HTTP caches or CDNs should examine their configuration and test this release carefully before deploying it to a production site.
The final image URLs now look like:
http://example.com/sites/default/files/styles/style_name/public/example-image.png?itok=YcnYp23B
I believe the issue is happening in _cdn_html_alter_file_url.
I haven't fully examined the regex used in there, but I think the query parameter is match position 5 and not 6, but the module is specifying position 6 for the query parameters. The 'itok' query parameter is removed by the CDN module and then the core Image module refuses to make new image style variations for images.
Comment | File | Size | Author |
---|---|---|---|
#8 | drupal_7.20_7.21_compatibility-1926884-8.patch | 4.35 KB | Wim Leers |
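
The failure reported above, reduced to a stand-alone sketch. This is an added example, not code from Drupal core or the CDN module: `style_token()`, `rewrite_html()`, `origin_allows()`, the key, the CDN host and the regex are all hypothetical stand-ins. It shows that a rewriter which drops the query string also drops `itok`, so the origin refuses to generate the derivative.

```php
<?php
// Added illustration; not code from Drupal core or the CDN module.
// Constructed values: the key, the CDN host and the sample markup.
const SITE_KEY = 'constructed-private-key-and-salt';
const CDN_HOST = 'cdn.example.com';

// URL-safe base64 HMAC, truncated to 8 characters like the itok in the report.
function style_token(string $style, string $uri): string {
  $hmac = base64_encode(hash_hmac('sha256', "$style:$uri", SITE_KEY, true));
  return substr(strtr($hmac, ['+' => '-', '/' => '_', '=' => '']), 0, 8);
}

// Rewrites image URLs in HTML to the CDN host. With $keep_query = false the
// query string is matched but dropped, which is the failure described above.
function rewrite_html(string $html, bool $keep_query): string {
  $pattern = '#(src=")https?://example\.com(/[^"?]+)(\?[^"]*)?(")#';
  return preg_replace_callback($pattern, function ($m) use ($keep_query) {
    $query = $keep_query ? $m[3] : '';
    return $m[1] . 'http://' . CDN_HOST . $m[2] . $query . $m[4];
  }, $html);
}

// Origin-side check: a derivative is only generated when the token matches.
function origin_allows(string $url, string $style, string $uri): bool {
  parse_str((string) parse_url($url, PHP_URL_QUERY), $q);
  return isset($q['itok']) && is_string($q['itok'])
    && hash_equals(style_token($style, $uri), $q['itok']);
}

$style = 'style_name';
$uri = 'public://example-image.png';
$path = "/sites/default/files/styles/$style/public/example-image.png";
$html = '<img src="http://example.com' . $path . '?itok='
  . style_token($style, $uri) . '">';

// Run the same markup through both rewriters and ask the origin each time.
foreach ([false, true] as $keep) {
  $out = rewrite_html($html, $keep);
  preg_match('#src="([^"]+)"#', $out, $m);
  printf("keep_query=%s  %s  origin_allows=%s\n", var_export($keep, true),
    $m[1], var_export(origin_allows($m[1], $style, $uri), true));
}
```

The same check fails if any layer between the browser and the origin discards the query string, so a CDN in front of the site has to pass it through as well.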
Comments
Comment #1
dan.mantyla: noooooo! please fix this! :(
Comment #2
Wim Leers: We probably need to do something similar to #1923336-21: Insert module doesn't work with Drupal 7.20.
Comment #3
David_Rothstein: Slight retitling because I'm linking to this from http://drupal.org/drupal-7.20-release-notes.
(@danmantyla, thanks for sending me the heads-up about it.)
Comment #4
iamEAP: Just deployed 7.20 on a site also using the CDN module when I happened to stumble into this issue. Nearly had a panic attack.
Just reporting that this issue does not affect all image URL re-writing done by the module (for instance, the thumbnail generated after uploading an image via image field works fine, and relatedly, all image URL re-writes done when rendering image fields work as expected).
Related to what was originally reported, it seems this is isolated to re-writes performed within actual field text/html content (which I didn't even realize was a feature until I looked into the code).
Comment #5
Wim Leers
Comment #6
agatlin: Is there a plan to fix this bug?
Comment #7
Wim Leers: Yes: I'll work on it ASAP.
Last week I committed a bunch of other bugfixes, this is one of the last two bugs to be fixed: #1915662: [meta] 2.6 release (bugfixes only).
Comment #8
Wim Leers: To make this work, I am FORCED to allow query strings. Hence I'm forced to contradict myself over at #1864536-10: Support dynamically generated images (via query strings).
The attached patch makes the CDN module compatible with Drupal 7.20/7.21. Please test and report back.
Comes with updated tests.
Comment #10
Wim Leers: Also note that until #1936176: image.module uses file_create_url() incorrectly is committed to Drupal core and you're running a release of Drupal on top of that release, CDN module's Far Future expiration functionality is unable to generate the file; hence preventing Far Future expiration for the first appearance of image style URLs. Only once the derivative is generated, it's possible to use CDN module's Far Future expiration; so only the *second* appearance will use the Far Future expiration.
Comment #11
Wim Leers: #8: drupal_7.20_7.21_compatibility-1926884-8.patch queued for re-testing.
Comment #13
Wim Leers: git clone of CDN's 7.x-2.x branch, wget the patch, git apply: it all works. `git apply --check` also works. I'm clueless why testbot fails to apply it.
@all: please test!
Comment #14
iamEAP: Moving version to 7.x-2.x-dev. Believe that should do it?
Comment #15
iamEAP: #8: drupal_7.20_7.21_compatibility-1926884-8.patch queued for re-testing.
Comment #16
Wim Leers: #14: HAHAHAHA I'm such a n00b! Thanks :)
Comment #17
mermentau: I applied the patch to cdn.fallback.inc and it didn't work for me. I didn't apply the patch to cdn.test thinking that for my purpose I wouldn't need to. Do I need to do both? Images are on Amazon S3.
In edit I see that core has a 7.21 now, and maybe I need to get that.
Comment #18
mermentau: Updated Drupal to 7.21 and applied the entire patch. All the images from Amazon CloudFront work fine. It's a video and thumbnail that's on Amazon S3 that fail to display. Looking at Firefox Page Info it shows the thumbnail downloaded with dimensions 0 x 0, but checking on S3 the image is fine. Disable the CDN module and all works fine.
Comment #19
Wim Leers: #18: so this patch is breaking your thumbnails on S3, i.e. the CDN module without this patch works correctly?
Comment #20
mermentau: Prior to Drupal 7.20 it worked fine. I tried it with Drupal 7.21 and then applied the patch. No luck either way.
Comment #21
Wim Leers: Hrm. Can you contact me via my d.o contact form, and give me access to a staging server or relay details that could aid me in debugging? (Unless you can post publicly, then just post here.)
Comment #22
mermentau: I'll use your contact form.
Comment #23
Wim Leers: @mermentau: After looking at your site, I'm 98% certain that this is because you're using an Amazon S3 file stream wrapper. The CDN module has a known compatibility problem with custom stream wrappers, and a patch that should solve it is over at #1863310: CDN module should know how to deal with custom stream wrappers. Please apply that patch and let me know if that fixed the problem for you! :)
If you can review that patch and confirm it works, it'll be in the imminent 2.6 release, otherwise it won't!
Comment #24
mermentau: Installed the patch at http://drupal.org/node/1863310 and it works great. That is with Drupal 7.21 and also the patch at #8 here.
Comment #25
Wim Leers: Committed #8.
http://drupalcode.org/project/cdn.git/commit/c9b98bf
2.6 release is imminent now, this was the last issue that needed to be fixed.
Comment #26
JonMcL: Thanks! It's working well (7.21)
Comment #27
Wim Leers: Yay :)
Comment #29
dan.mantyla: Awesome! Thanks!
Comment #30
GiorgosK: Don't know if it's the same problem
but I have a specific style that does not generate derivative images
meanwhile all other image derivatives work
and when I disable CDN this particular style DOES work
what would be the problem here ?
what should I look for ?
What is it so closely related to CDN ?
Comment #31
kevinquillen: I still have this issue with latest Drupal and CDN over Cloudfront.
I got this going by enabling 'Forward Query Strings' to YES in Amazon. I came back to Drupal, cleared cache, and waited. The new images that were not showing previously (with Access Denied) are now showing as they should, with the token string on the end.
Comment #32
mikeytown2: See #1934498: Allow the image style 'itok' token to be suppressed in image derivative URLs
Heads up that https://www.drupal.org/project/imageinfo_cache can remove itok from the image url.
Comment #33
web226: Thank you kevinquillen. Your fix #31 worked for me too.
Comment #34
markl17: Asking a very noob question: where in the CDN module does it ask for the secure ID for S3 to verify your writes to happen?