Hi Shenavi Both issues you mention are valid. 1. The reason to add a white list is to prevent users from uploading malicious script. And we should remove the unsupported files from the sample. Also we might need to move the white-list to a config file.
2. And yes we should replace the entire directory instead of copying the files in to the existing theme. Regards Jo On Tue, Mar 1, 2016 at 10:44 AM, Shenavi de Mel <[email protected]> wrote: > Hi APIM team, > > I have a few question regarding the uploading of tenant themes to the APIM. > > 1. When i was uploading a tenant theme for a tenant following the tutorial > [1] i noticed some warn logs in my console. Further i noticed that the > files mentioned in those warnings are not deployed as well and are > mentioned as unsupported. Only thing i did not follow according to this > document is that i did not delete the folders that i did not change. When i > went through the code of TenantManagerHostObject.java class i noticed > that the file extensions other than "css", "jpg", "png", "gif", "svg", > "ttf", "html", "js are not considered as valid extensions and will not be > deployed with the theme. In that case is there any reason why those > unsupported files are included in the sample template [1] given for the > users to customize? > > If you could confirm or point to a documentation of what are the supported > file types which can be customized in the custom theme uploaded via the > admin-dashboard of the tenant if it is not already in the docs i feel it > might be better to include them in the docs to avoid confusion [1]. > > 2. Also i noticed if i upload a theme for the tenant and say I include a > custom css file. And later upload another theme for the same tenant hoping > to replace the previously uploaded theme and remove that css file it will > still be available. I assume it replaces the existing folder with the new > theme hence old files will not get deleted. Is there a way to make sure the > old theme is deleted and replaced by the new theme when uploading via the > admin-dashboard application or is that the default and expected behavior? > > Your thoughts would be much appreciated to understand this better and also > improve our documentation [2] to avoid confusion and provide more > information for the users. > > [1] https://docs.wso2.com/display/AM191/Adding+a+new+API+Store+Theme > [2] https://docs.wso2.com/display/APICloud/Customize+the+API+Store+Theme > > Thanks and Regards > Shenavi. > > -- -- *Joseph Fonseka* WSO2 Inc.; http://wso2.com lean.enterprise.middleware mobile: +94 772 512 430 skype: jpfonseka * <http://lk.linkedin.com/in/rumeshbandara>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
