Comments (3)
I did some testing, and it looks like Firefox, Safari, and Edge are fine, just Chrome has this issue.
from webpack-subresource-integrity.
Hi, thanks for bringing this to my attention. I've got a lot going on this week but hoping to take a closer look next week.
In addition to the README change you suggested, perhaps we should detect when /* webpackPreload: "true" */
is used and warn if so?
Do I understand correctly that adding SRI to <link rel="preload">
would not be helpful at this point?
Also, does "breaking the preloading mechanism" mean what I think it means - that the page still works, but without preloading?
I'm also curious about what you mean by double-fetch. It probably isn't necessary for me to understand but I'd like to know how that would come about in your case, if you wouldn't mind going into a bit more detail.
from webpack-subresource-integrity.
I've investigated this a bit more and found the following (all tested with the current release of the plugin, 1.3.2 -- the upcoming 1.3.3 doesn't make any changes to preload handling so should be identical):
Safari 12.1.2 (14607.3.9)
No warnings, loads resource once, preloads correctly, regardless of whether integrity is specified on the link
tag.
Firefox 68.0.2
No warnings, preloads correctly (requires network.preload
setting to be enabled) but only if integrity is added to the link rel="preload"
tag. Without integrity the resource gets loaded twice.
Chrome 76.0.3809.132
Prints a warning about integrity mismatch (and another one about the resource not being used in time) regardless of whether integrity is present on the preload tag or not. (I've tried a few things, such as HTTP/2, to see if I can make it work but doesn't seem to make a difference.)
Based on the above and on the recent spec changes discussed in the ticket you linked to, @josephliccini, we should add integrity to link tags to make things work correctly on Firefox and (hopefully) future Chrome versions.
I'm planning to release that in version 1.4.0 some time in the near future. Since the feature is either broken or behind a feature flag, it doesn't appear to be urgent. In the meantime, I've added the warning to the README as you've suggested.
from webpack-subresource-integrity.
Related Issues (20)
- Subresource Integrity support for Module Federation plugin chunks HOT 14
- Interoperability with 'mini-css-extract-plugin' HOT 1
- Interoperability with resource hints HOT 3
- Upgraded from 1 -> 5 and now integrity value is not available in custom webpack plugin HOT 4
- Chunk with id `0` missing from `sriHashes` HOT 7
- Firefox integrity hash + csp issue HOT 6
- TypeError: Class extends value undefined is not a constructor or null HOT 6
- Empty cssIntegrity/jsIntegrity when setting realContentHash to true HOT 2
- ignore error in ModuleFederationPlugin HOT 1
- 处理ModuleFederation问题 HOT 1
- Feature request: supporting additional file types beyond CSS and JS HOT 2
- Build Fails With HtmlWebpackPlugin HOT 1
- TypeError: Class extends value undefined is not a constructor or null HOT 1
- use mini-css-extract-plugin,js css create same chunkId
- Can this be used in nextjs
- Build fails when resource name contains percent encoded character
- [Question] From non-web developer about bundle's SRI
- Missing hashes when using cache groups
- What is the proper set up with a childcompiler usecase HOT 1
- Unresolved integrity placeholders HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from webpack-subresource-integrity.