I think this is a great idea - just need to double check that this is all of the things.

I do wonder if we should however migrate our URLs to use a non user name allowed character as the root (and explicitly exclude it in the reserved list for future safety)

RFC 3986 allows the following in segments:

• [A-Za-z0-9_.-]
• ~
• %-encoded chars
• [!$&'()]
• @

Although: is allowed in some paths its use in relative paths would be a source of trouble. (Similarly& and@ could be troublesome)

I think of these characters! and~ seem the most likely to be unambiguously internal the trouble is I don't know how it would affect markdown.

I thinkassets is a unlikely name for an organization or user and would just go ahead and reserve it while calling out the change in the release notes.

Is the PR complete? I think after it there should only beassets andserviceworker.js as remaining entriesKnownPublicEntries. I think serviceworker probably has to remain on root because of restrictions on that API which I can't find docs for right now.

I think we can put serviceworker.js intoassets/serviceworker.js as per:

https://developers.google.com/web/ilt/pwa/introduction-to-service-worker#registration_and_scope

The scope of the service worker determines which files the service worker controls, in other words, from which path the service worker will intercept requests. The default scope is the location of the service worker file, and extends to all directories below. So if service-worker.js is located in the root directory, the service worker will control requests from all files at this domain.

Meaning the serviceworker is restricted to manage files underassets which is ideal in our case as it should not manage anything else.

I thinkassets is a unlikely name for an organization or user and would just go ahead and reserve it while calling out the change in the release notes.

it's been reserved sinceat least#4685#20

I think this is a great idea - just need to double check that this is all of the things.

I do wonder if we should however migrate our URLs to use a non user name allowed character as the root (and explicitly exclude it in the reserved list for future safety)

RFC 3986 allows the following in segments:

• [A-Za-z0-9_.-]
• ~
• %-encoded chars
• [!$&'()]
• @

Although: is allowed in some paths its use in relative paths would be a source of trouble. (Similarly& and@ could be troublesome)

I think of these characters! and~ seem the most likely to be unambiguously internal the trouble is I don't know how it would affect markdown.

yes, If we want all words are useable user org, or repo name. we should make sure all One or two levels of routing has_ as prefix(like_user/xxxxx,_org/xxxx). But in fact, that's not soo usefull...

suggest remove some reserved words. Please check again. Thanks.

• admin (It's a meaningfull user name, isn't it? :) )
• debug (not used)
• error (not used)
• help (not used)
• plugins (not used)
• template (a not verry usefull router for development, suggest rename to_template)

suggest remove some reserved words. Please check again. Thanks.

• admin (It's a meaningfull user name, isn't it? :) )
• debug (not used)
• error (not used)
• ghost (I wonder why ...)
• help (not used)
• plugins (not used)
• template (a not verry usefull router for development, suggest rename to_template)

This could be another PR.

suggest remove some reserved words. Please check again. Thanks.

@a1012112796 No, of some I know that they are used, the others should be very thoughly checked.
/admin → admin dashboard
ghost → user name of deleted users

I think there should be something missing, at least oauth2 login logos. maybe you can search "/img to find more.

Patch to fix loading of webpack assets (like label color picker image):

diff --git a/webpack.config.js b/webpack.config.jsindex 53d553825..44d50a45e 100644--- a/webpack.config.js+++ b/webpack.config.js@@ -185,17 +185,17 @@ export default {         test: /\.(ttf|woff2?)$/,         type: 'asset/resource',         generator: {           filename: 'fonts/[name][ext]',-          publicPath: '/', // required to remove css/ path segment+          publicPath: '/assets/', // required to remove css/ path segment         }       },       {         test: /\.png$/i,         type: 'asset/resource',         generator: {           filename: 'img/webpack/[name][ext]',-          publicPath: '/', // required to remove css/ path segment+          publicPath: '/assets/', // required to remove css/ path segment         }       },     ],   },

Codecov Report

Merging#15219 (13bb69b) intomaster (487f2ee) willincrease coverage by1.62%.
The diff coverage is54.99%.

@@            Coverage Diff             @@##           master   #15219      +/-   ##==========================================+ Coverage   42.21%   43.83%   +1.62%==========================================  Files         767      677      -90       Lines       81624    81339     -285     ==========================================+ Hits        34458    35657    +1199+ Misses      41531    39910    -1621- Partials     5635     5772     +137

Continue to review full report at Codecov.

Legend -Click here to learn more
Δ = absolute <relative> (impact),ø = not affected,? = missing data
Powered byCodecov. Last updated42509a...13bb69b. Read thecomment docs.

make lgtm work

Codecov Report

Merging#15219 (0e36b41) intomaster (cc7d118) willdecrease coverage by0.00%.
The diff coverage is85.71%.

@@            Coverage Diff             @@##           master   #15219      +/-   ##==========================================- Coverage   43.91%   43.91%   -0.01%==========================================  Files         678      678                Lines       81741    81742       +1     ==========================================- Hits        35900    35895       -5- Misses      39987    39998      +11+ Partials     5854     5849       -5

Continue to review full report at Codecov.

Legend -Click here to learn more
Δ = absolute <relative> (impact),ø = not affected,? = missing data
Powered byCodecov. Last updatecc7d118...0e36b41. Read thecomment docs.