Share included content not working

[0xRoM]

Description

I access trilium from admin.example.com. On my main page I have:

~shareCss(inheritable)=csspage ~shareHtml(inheritable)=htmlinjected

I have a reverse proxy to /share/ and added an exception for /api/

    RewriteCond %{REQUEST_URI} ^/api/ [NC]
    RewriteRule ^/(.*)$ http://localhost:8082/$1 [P,L]

    RewriteCond %{REQUEST_URI} !^/api/ [NC]
    RewriteRule ^/(.*)$ http://localhost:8082/share/$1 [P,L]

    ProxyPassReverse / http://localhost:8082/
    ProxyPassReverseCookiePath /share/ /

when visiting the site "test.example.com" (which uses the above apache config) I am getting errors:

GET http://test.example.com/api/notes/l0lI2wfNV8Gi/download net::ERR_ABORTED 401 (Unauthorized)

which is expected but I thought including via those attributes would use the /shared/ location to mitigate needing logon access?!

TriliumNext Version

0.102.1

What operating system are you using?

Other Linux

What is your setup?

Server access only

Operating System Version

Win 10 & Debian

Error logs

No response

[dosubot]

Hi @0xRoM! I'm Dosu and I’m helping the Trilium team.

This looks like a bug in how Trilium generates URLs for shared CSS/JS resources. When a shared page loads CSS via ~shareCss, the content renderer generates paths as api/notes/{noteId}/download (relative path) instead of /share/api/notes/{noteId}/download.

This means when your browser loads test.example.com/somepage, the relative path resolves to test.example.com/api/notes/... (the authenticated endpoint requiring login) instead of the public /share/api/ endpoint.

Workaround: Modify your Apache config to rewrite /api/notes/ requests to /share/api/notes/ on your shared domain:

# For test.example.com - rewrite api requests to share/api
RewriteCond %{REQUEST_URI} ^/api/(notes|images|attachments)/ [NC]
RewriteRule ^/api/(.*)$ http://localhost:8082/share/api/$1 [P,L]

# Everything else goes to /share/
RewriteCond %{REQUEST_URI} !^/api/ [NC]
RewriteRule ^/(.*)$ http://localhost:8082/share/$1 [P,L]

ProxyPassReverse / http://localhost:8082/
ProxyPassReverseCookiePath /share/ /

Also make sure your CSS note is itself shared (has #shareRoot or is a descendant of a shared note) - the CSS/HTML notes must be shared for this to work.

This issue affects shareCss, shareJs, shareLogo, shareFavicon, and image/attachment references in shared notes. There are related issues tracking similar path problems with reverse proxies: #8790, #8791.

To reply, just mention @dosu.

---

^{How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other}

   

[0xRoM]

Thanks for fixing it :) that did the trick. if anyone is interested the following is the complete working apache2 reverse proxy config:

╰» cat test.example.com.conf 
<VirtualHost *:80>
    ServerName test.example.com

    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode

    RewriteEngine On

        # For test.example.com - rewrite api requests to share/api
        RewriteCond %{REQUEST_URI} ^/api/(notes|images|attachments)/ [NC]
        RewriteRule ^/api/(.*)$ http://localhost:8082/share/api/$1 [P,L]

        # Allow direct /share/ access (no rewrite)
        RewriteCond %{REQUEST_URI} ^/share/ [NC]
        RewriteRule ^/(.*)$ http://localhost:8082/$1 [P,L]

        # Everything else goes to /share/
        RewriteCond %{REQUEST_URI} !^/api/ [NC]
        RewriteRule ^/(.*)$ http://localhost:8082/share/$1 [P,L]

        ProxyPassReverse / http://localhost:8082/
        ProxyPassReverseCookiePath /share/ /

    ErrorLog ${APACHE_LOG_DIR}/trilium-error.log
    CustomLog ${APACHE_LOG_DIR}/trilium-access.log combined
</VirtualHost>

[eliandoran]

Reopening because it is indeed an issue, even if it can be worked around.