Coder Social home page Coder Social logo

Comments (3)

josephliccini avatar josephliccini commented on June 9, 2024

I did some testing, and it looks like Firefox, Safari, and Edge are fine, just Chrome has this issue.

from webpack-subresource-integrity.

jscheid avatar jscheid commented on June 9, 2024

Hi, thanks for bringing this to my attention. I've got a lot going on this week but hoping to take a closer look next week.

In addition to the README change you suggested, perhaps we should detect when /* webpackPreload: "true" */ is used and warn if so?

Do I understand correctly that adding SRI to <link rel="preload"> would not be helpful at this point?

Also, does "breaking the preloading mechanism" mean what I think it means - that the page still works, but without preloading?

I'm also curious about what you mean by double-fetch. It probably isn't necessary for me to understand but I'd like to know how that would come about in your case, if you wouldn't mind going into a bit more detail.

from webpack-subresource-integrity.

jscheid avatar jscheid commented on June 9, 2024

I've investigated this a bit more and found the following (all tested with the current release of the plugin, 1.3.2 -- the upcoming 1.3.3 doesn't make any changes to preload handling so should be identical):

Safari 12.1.2 (14607.3.9)

No warnings, loads resource once, preloads correctly, regardless of whether integrity is specified on the link tag.

Firefox 68.0.2

No warnings, preloads correctly (requires network.preload setting to be enabled) but only if integrity is added to the link rel="preload" tag. Without integrity the resource gets loaded twice.

Chrome 76.0.3809.132

Prints a warning about integrity mismatch (and another one about the resource not being used in time) regardless of whether integrity is present on the preload tag or not. (I've tried a few things, such as HTTP/2, to see if I can make it work but doesn't seem to make a difference.)

Based on the above and on the recent spec changes discussed in the ticket you linked to, @josephliccini, we should add integrity to link tags to make things work correctly on Firefox and (hopefully) future Chrome versions.

I'm planning to release that in version 1.4.0 some time in the near future. Since the feature is either broken or behind a feature flag, it doesn't appear to be urgent. In the meantime, I've added the warning to the README as you've suggested.

from webpack-subresource-integrity.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.