Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-23768

Missing RequireJS module can slow down or even block the PDF export

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Critical
    • None
    • 16.10.14, 17.10.0
    • Export - PDF, Old Core
    • None
    • Unknown

    Description

      Follow these steps to reproduce:

      • login with an administrator
      • create a page with a JSX object having this code: 
        require(['missing'], () => {});
      • Set the JSX to be loaded on that page or on demand
      • Check the Network tab in view mode. You should see a failed attempt to load the missing module from: 
        /xwiki/bin/view/Your/Page/missing.js
      • The response should be very small, ~70KB
      • Export the page to PDF, using your own browser as PDF generator, but inspect the web page first and open the print preview URL (from the iframe added at the end of the BODY) in a new browser tab
      • Check the Network tab for the print preview page and looks for the missing module. This time it is loaded successfully from: 
        /xwiki/bin/export/Your/Page/missing.js
      • The response is about 15MB for a clean wiki, but it can be way more for large wikis because that URL is actually performing a backup XAR export of the entire wiki... so depending on the size of the wiki the PDF export may be slowed down, the best case, or prevented, worse case.

      The explanation is that:

      • when RequireJS is asked to load a module it doesn't know it simply adds the .js and creates a URL relative to the current URL
      • the PDF print preview is using the export action in order to allow macros to behave differently during PDF export
      • the missing RequireJS module ends up using the export action, without any additional query string
      • the /export/ URL without any parameters triggers a backup XAR export of the wiki if the current user has wiki administration rights

      Extensions / macros could be written defensively so that they don't try to load RequireJS modules that are missing (have not been defined), in case those modules are provided by a soft (optional) dependency that may be missing:

      if (require.defined('foo')) {
  require(['foo'], (foo) => {
    ...
  });
}

      but mistakes are always possible so it would be better if we can prevent the problem on the platform side. For this I find it strange that a simple /export/ URL without any parameters is triggering a resource intensive process to export the wiki, even if you are logged in as an administrator. I see two options here:

      • ask for a CSRF token to export as backup
      • export as backup only if there is a confirmation request parameter

      Attachments

        Activity

          People

            mflorea Marius Dumitru Florea
            mflorea Marius Dumitru Florea
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: