fusio icon indicating copy to clipboard operation
fusio copied to clipboard
verified publisher icon apioo

Hardcoded localhost URL in Fusio apps prevents production deployment

Open haposan06 opened this issue 3 months ago • 5 comments

🐛Description

The Fusio marketplace apps contain hardcoded localhost:8080 URLs that prevent proper functioning in production environments. This breaks authentication and API communication when deployed to Kubernetes or other container orchestration platforms.

📍 Affected Files

  • inaproc-api-gateway/public/apps/account/index.html (line 12)
  • inaproc-api-gateway/public/apps/developer/index.html (likely affected)
  • inaproc-api-gateway/public/apps/fusio/index.html (likely affected)

🔍 Current Problem

Existing:

<script>
    FUSIO_URL = 'http://localhost:8080/';  // ❌ Hardcoded localhost
    FUSIO_APP_KEY = '985da1a2-51fc-4f53-9667-7f36f295e35d';
    RECAPTCHA_KEY = '';
</script>

So i have these environments in my kubernetes yaml

- name: APP_URL
          value: "https://data.company.dev"
- name: APP_APPS_URL
          value: "https://data.company.dev/apps"


and in the docker-entrypoint.sh I also executed
echo "Updating app configurations..."
php bin/fusio marketplace:env -

So when I deployed it and navigate to https://data.company.dev/apps/account/login,
the login button still pointing to localhost:8080

haposan06 avatar Oct 07 '25 14:10 haposan06

Hi @haposan06, at the backend, developer app etc. the paths are actual nor hard-coded, they look like s.

Image

On installation those values are then replaced with the value from your configuration. If you use the docker image you need to configure the FUSIO_URL and FUSIO_APPS_URL then they should be replaced with the correct values.

chriskapp avatar Oct 07 '25 15:10 chriskapp

Hi @chriskapp .

I realized I missed mentioning a few steps earlier.

I chose the installation method using git clone to clone the repository. Then I set both APP_URL and APP_APPS_URL in the .env file to localhost:8080. After that, I installed the backend (fusio) and the apps/account module.

Next, I modified the CSS files in /apps/account to meet my prototyping requirements, and then I built a Docker image containing the customized code.

I just realized that the index.html files for the apps are pre-built using the current .env values when running php bin/fusio marketplace:install account.

So if I want to customize the CSS for the Account app, what would be your suggested steps to do that properly?

haposan06 avatar Oct 07 '25 17:10 haposan06

ok I see, if this is just a prototype I would simply hard-code the correct url in the apps/account/index.html with the adjusted css and then build the image.

If you want to actually use the account app outside of a prototype I would recommend to clone/fork the account app repo https://github.com/apioo/fusio-apps-account and make there your adjustments. Then you could also create a dedicated docker image only for the account app, also with the hard-coded Fusio API url. Then you can run this account app on any domain and you can easily make further adjustments.

chriskapp avatar Oct 07 '25 18:10 chriskapp

We plan to use it on production actually. How about if generated account app code still using the placeholder, instead of hardcoded value from .env value? That will give flexibility to provide the value during runtime rather than build time

Image

haposan06 avatar Oct 08 '25 01:10 haposan06

The problem is that the request to the index.html is directly served through the web server as static file so at this stage we have no way to replace those values. This is basically the reason why we replace them on installation.

chriskapp avatar Oct 08 '25 23:10 chriskapp