Subpath in DOMAIN_NAME is not honored in relative links

[zudljk]

When using a subpath in DOMAIN_NAME, e.g. https://my.domain.com/wallabag, the subpath /wallabag is sometimes honored, sometimes not.

• Some links rendered in HTML are absolute links containing the whole DOMAIN_NAME including any subpath, so these links will work.
• Some other links however are rendered as relative links, which will not work when Wallabag is hosted below a subpath.

See the attached screenshot of the login page source for an example.

Environment

• Version: Docker image wallabag/wallabag:latest
• Installation: Docker
• PHP version: 8.1
• OS: Linux ARM64
• Database: MariaDB
• Parameters: -

My app/config/parameters.yml is:

   database_driver: pdo_mysql
  database_host: wallabag-db
  database_port: 3306
  database_name: wallabag
  database_user: wallabag
  database_password: wallapass
  database_path: '%kernel.project_dir%/data/db/wallabag.sqlite'
  database_table_prefix: wallabag_
  database_socket: null
  database_charset: utf8mb4
  domain_name: 'https://REDACTED.net/wallabag'
  server_name: Wallabag
  mailer_dsn: 'smtp://127.0.0.1'
  locale: en
  secret: ovmpmAWXRCabNlMgzlzFXDYmCFfzGv
  twofactor_sender: no-reply@wallabag.org
  fosuser_registration: false
  fosuser_confirmation: false
  fos_oauth_server_access_token_lifetime: 3600
  fos_oauth_server_refresh_token_lifetime: 1209600
  from_email: no-reply@wallabag.org
  rss_limit: 50
  rabbitmq_host: localhost
  rabbitmq_port: 5672
  rabbitmq_user: guest
  rabbitmq_password: guest
  rabbitmq_prefetch_count: 10
  redis_scheme: tcp
  redis_host: redis
  redis_port: 6379
  redis_path: null
  redis_password: null
  sentry_dsn: null

What steps will reproduce the bug?

• Configure the Wallabag installation using docker-compose.yml with the environment variable SYMFONY__ENV__DOMAIN_NAME=https://YOUR_DOMAIN/wallabag
• Configure the reverse proxy (e.g. Traefik) to route the above URL to the Wallabag container
• Make sure the reverse proxy removes the path prefix (for Traefik: use the stripprefix middleware)
• Start the necessary containers
• Navigate to https://YOUR_DOMAIN/wallabag
• This will already fail because Wallabag redirects to /login, not honoring the subpath in the domain_name setting
• Workaround: Navigate to https://YOUR_DOMAIN/wallabag/login to circumvent the erroneous redirect
• Some resources will not be loaded correctly since the links used to load them are relative, not honoring the path.
• Try to log in using the configured default credentials. This will fail again because Wallabag will redirect to the relative link /login_check, also not honoring the subpath.

This screenshot of the source code for https://YOUR_DOMAIN/wallabag/login shows one wrong link alongside some correct links:

At the bottom of the file there are some non-functional relative links:

[zudljk]

Workaround

If you're using Traefik, you can use the following config in your docker-compose.yml:

environment:
      - "traefik.http.routers.wallabag-redirect.rule=Host(`YOUR_HOSTNAME`) && !PathPrefix(`/wallabag`) && HeadersRegexp(`Referer`, `.*/wallabag.*`)"
      - "traefik.http.routers.wallabag-redirect.middlewares=add-context"
      - "traefik.http.middlewares.add-context.redirectregex.regex=^https:\\/\\/([^\\/]+)"
      - "traefik.http.middlewares.add-context.redirectregex.replacement=https://$$1/wallabag"
      - ...

This will try to identify misdirected Wallabag links by their Referer: header and redirect them to add the missing subpath.