18F · aduth · May 14, 2024 · May 13, 2024 · May 13, 2024 · May 13, 2024
diff --git a/app/helpers/script_helper.rb b/app/helpers/script_helper.rb
@@ -21,6 +21,7 @@ def render_javascript_pack_once_tags(...)
             **attributes,
             crossorigin: local_crossorigin_sources? ? true : nil,
             integrity: asset_sources.get_integrity(source),
+            nopush: false,
           )
         end
       end

diff --git a/app/helpers/stylesheet_helper.rb b/app/helpers/stylesheet_helper.rb
@@ -13,7 +13,7 @@ def stylesheet_tag_once(*names)
   def render_stylesheet_once_tags(*names)
     stylesheet_tag_once(*names) if names.present?
     return if @stylesheets.blank?
-    safe_join(@stylesheets.map { |stylesheet| stylesheet_link_tag(stylesheet) })
+    safe_join(@stylesheets.map { |stylesheet| stylesheet_link_tag(stylesheet, nopush: false) })
   end
 end
 # rubocop:enable Rails/HelperInstanceVariable
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb
@@ -85,12 +85,13 @@
   </p>
 <% end %>
 
-<%= javascript_packs_tag_once('platform-authenticator-available') %>
+<%= javascript_packs_tag_once('platform-authenticator-available', preload_links_header: false) %>
 <% if IdentityConfig.store.participate_in_dap %>
   <!-- <%= t('notices.dap_participation') %> -->
   <%= javascript_packs_tag_once(
         'https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=GSA&subagency=TTS',
         async: true,
         id: '_fed_an_ua_tag',
+        preload_links_header: false,
       ) %>
 <% end %>
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
@@ -1,5 +1,5 @@
 <%= content_for(:head) do %>
-  <%= javascript_include_tag('init.js') %>
+  <%= javascript_include_tag('init.js', nopush: false) %>
 <% end %>
 
 <%= extends_layout :base, body_class: local_assigns.fetch(:body_class, 'site tablet:bg-primary-lighter') do %>

diff --git a/app/views/layouts/base.html.erb b/app/views/layouts/base.html.erb
@@ -16,10 +16,10 @@
   <%= javascript_tag(nonce: true) do %>
     document.documentElement.classList.replace('no-js', 'js');
   <% end %>
-  <%= preload_link_tag font_url('public-sans/PublicSans-Bold.woff2') %>
-  <%= preload_link_tag font_url('public-sans/PublicSans-Regular.woff2') %>
+  <%= preload_link_tag font_path('public-sans/PublicSans-Bold.woff2') %>
+  <%= preload_link_tag font_path('public-sans/PublicSans-Regular.woff2') %>
   <%= render_stylesheet_once_tags %>
-  <%= stylesheet_link_tag 'application' %>
+  <%= stylesheet_link_tag 'application', nopush: false %>
   <%= stylesheet_link_tag 'print', media: :print, preload_links_header: false %>
   <%= csrf_meta_tags %>
 
@@ -69,7 +69,7 @@
         { type: 'application/json', data: { config: '' } },
         false,
       ) %>
-  <%= javascript_packs_tag_once('track-errors', async: true) if BrowserSupport.supported?(request.user_agent) %>
+  <%= javascript_packs_tag_once('track-errors', async: true, preload_links_header: false) if BrowserSupport.supported?(request.user_agent) %>
   <%= render_javascript_pack_once_tags %>
 <% end %>
 

diff --git a/app/views/session_timeout/_expire_session.html.erb b/app/views/session_timeout/_expire_session.html.erb
@@ -4,4 +4,4 @@
               timeout_refresh_path: timeout_refresh_path,
             } %>
 
-<%= javascript_packs_tag_once 'session-expire-session' %>
+<%= javascript_packs_tag_once 'session-expire-session', preload_links_header: false %>
diff --git a/spec/helpers/script_helper_spec.rb b/spec/helpers/script_helper_spec.rb
@@ -78,6 +78,16 @@
         )
       end
 
+      it 'adds preload header without nopush attribute' do
+        render_javascript_pack_once_tags
+
+        expect(response.headers['link']).to eq(
+          '</application.js>; rel=preload; as=script,' \
+            '</document-capture.js>; rel=preload; as=script',
+        )
+        expect(response.headers['link']).to_not include('nopush')
+      end
+
       context 'with script integrity available' do
         before do
           allow(Rails.application.config.asset_sources).to receive(:get_integrity).and_return(nil)

diff --git a/spec/helpers/stylesheet_helper_spec.rb b/spec/helpers/stylesheet_helper_spec.rb
@@ -30,6 +30,13 @@
           visible: :all,
         )
       end
+
+      it 'adds preload header without nopush attribute' do
+        render_stylesheet_once_tags
+
+        expect(response.headers['link']).to eq('</stylesheets/styles.css>; rel=preload; as=style')
+        expect(response.headers['link']).to_not include('nopush')
+      end
     end
 
     context 'same stylesheet enqueued multiple times' do

diff --git a/spec/views/devise/sessions/new.html.erb_spec.rb b/spec/views/devise/sessions/new.html.erb_spec.rb
@@ -193,8 +193,12 @@
 
       it 'renders DAP analytics' do
         allow(view).to receive(:javascript_packs_tag_once)
-        expect(view).to receive(:javascript_packs_tag_once).
-          with(a_string_matching('https://dap.digitalgov.gov/'), async: true, id: '_fed_an_ua_tag')
+        expect(view).to receive(:javascript_packs_tag_once).with(
+          a_string_matching('https://dap.digitalgov.gov/'),
+          async: true,
+          preload_links_header: false,
+          id: '_fed_an_ua_tag',
+        )
 
         render
       end