FIX: Secure Upload URLs in lightbox (#8451)

This fixes the following issues: * The link element on the lightbox which pops open the lightbox was linking to the S3 URL with a private ACL instead of the secure media URL for the image * Change to use `@post.with_secure_media?` in `CookedPostProcessor` for URL cooking, as in some cases, like when a post is edited and an upload is added, `upload.secure?` can be false which resulted in `srcset` URLs not being cooked correctly to secure media upload urls.
2025-02-25 18:55:32 -06:00 · 2019-12-05 00:13:09 +01:00
parent 2290ec9e87
commit d07f039468
2 changed files with 49 additions and 11 deletions
--- a/lib/cooked_post_processor.rb
+++ b/lib/cooked_post_processor.rb
@@ -375,6 +375,7 @@ class CookedPostProcessor
  def optimize_image!(img, upload, cropped: false)
    w, h = img["width"].to_i, img["height"].to_i

+    # note: optimize_urls cooks the src and data-small-upload further after this
    thumbnail = upload.thumbnail(w, h)
    if thumbnail && thumbnail.filesize.to_i < upload.filesize
      img["src"] = thumbnail.url
@@ -386,14 +387,14 @@ class CookedPostProcessor
        resized_h = (h * ratio).to_i

        if !cropped && upload.width && resized_w > upload.width
-          cooked_url = UrlHelper.cook_url(upload.url, secure: upload.secure?)
+          cooked_url = UrlHelper.cook_url(upload.url, secure: @post.with_secure_media?)
          srcset << ", #{cooked_url} #{ratio.to_s.sub(/\.0$/, "")}x"
        elsif t = upload.thumbnail(resized_w, resized_h)
-          cooked_url = UrlHelper.cook_url(t.url, secure: upload.secure?)
+          cooked_url = UrlHelper.cook_url(t.url, secure: @post.with_secure_media?)
          srcset << ", #{cooked_url} #{ratio.to_s.sub(/\.0$/, "")}x"
        end

-        img["srcset"] = "#{UrlHelper.cook_url(img["src"], secure: upload.secure?)}#{srcset}" if srcset.present?
+        img["srcset"] = "#{UrlHelper.cook_url(img["src"], secure: @post.with_secure_media?)}#{srcset}" if srcset.present?
      end
    else
      img["src"] = upload.url
@@ -411,7 +412,8 @@ class CookedPostProcessor
    lightbox.add_child(img)

    # then, the link to our larger image
-    a = create_link_node("lightbox", img["src"])
+    src = UrlHelper.cook_url(img["src"], secure: @post.with_secure_media?)
+    a = create_link_node("lightbox", src)
    img.add_next_sibling(a)

    if upload