[keycloak-dev] PR - Remove Keycloak version from resource paths
Marek Posolda
mposolda at redhat.com
Thu Nov 14 09:23:19 EST 2019
Approved the PR, but there are conflicts due to the already merged
"authentication flow" PR.

As a future enhancement, it will be nice if the administrator has a way to
manually invalidate the stored random characters. It could be useful in
case the admin deployed some changes in themes and he wants all the
users to see the latest theme files. I think we already discussed this some
time ago. Not sure if this would require some more changes in the model,
as I can see that the randomly generated characters are used as the ID of the
migrationModel entity. But that can likely be re-evaluated in the future
if needed.

Marek
On 14. 11. 19 14:26, Stan Silvert wrote:
> +1
>
> On 11/14/2019 6:36 AM, Stian Thorgersen wrote:
>> Today, Keycloak includes the Keycloak version in resource paths to make
>> sure browsers fetch the new versions of resources after an upgrade.
>>
>> It is not good practice to expose the version of software on public
>> endpoints; as such, we need to change this behavior.
>>
>> To achieve this I've updated the migration model to create a random 5
>> character URL friendly id that is persisted in the database, which is then
>> used in place of the Keycloak version.
>>
>> That means there will be a unique resource version for each installation of
>> Keycloak, which is updated when Keycloak is upgraded. To prevent conflicts
>> the previous versions are not deleted from the migration model.
>>
>> PR is here: https://github.com/keycloak/keycloak/pull/6473
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
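
The scheme discussed in the thread above, as an added Java sketch that is not part of the original messages and is not Keycloak's own code. The class and method names, the in-memory list standing in for the persisted migration model, the character alphabet, the `/resources/<tag>/` path layout and the version strings are all assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;

// Added sketch: every name here is hypothetical, not taken from Keycloak.
public class ResourceTagExample {
    private static final String ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789";
    private static final int TAG_LENGTH = 5; // "random 5 character URL friendly id"
    private static final SecureRandom RANDOM = new SecureRandom();

    // Stand-in for the persisted migration model: one row per tag, never deleted.
    record Entry(String tag, String version) {}
    private final List<Entry> history = new ArrayList<>();

    // Called at startup: reuse the stored tag unless the software version changed.
    String currentTag(String runningVersion) {
        if (!history.isEmpty()) {
            Entry latest = history.get(history.size() - 1);
            if (latest.version().equals(runningVersion)) return latest.tag();
        }
        return rotate(runningVersion);
    }

    // Mints a fresh tag; also models the manual invalidation suggested in the reply.
    String rotate(String runningVersion) {
        while (true) {
            String tag = randomTag();
            // Old rows are kept, so a previously served tag is never handed out again.
            if (history.stream().noneMatch(e -> e.tag().equals(tag))) {
                history.add(new Entry(tag, runningVersion));
                return tag;
            }
        }
    }

    private static String randomTag() {
        StringBuilder sb = new StringBuilder(TAG_LENGTH);
        for (int i = 0; i < TAG_LENGTH; i++) {
            sb.append(ALPHABET.charAt(RANDOM.nextInt(ALPHABET.length())));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        ResourceTagExample model = new ResourceTagExample();
        String tag = model.currentTag("1.0.0"); // constructed version strings
        // The public path carries the opaque tag, not the version string.
        System.out.println("/resources/" + tag + "/login/theme.css");
        // A restart on the same version keeps the tag; an upgrade replaces it.
        System.out.println(tag.equals(model.currentTag("1.0.0")));
        System.out.println(tag.equals(model.currentTag("1.1.0")));
    }
}
```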