Limit subresource integrity hash to SHA512 for JavaScript compilation #7732
Merged
- Improve build performance
- Reduce rendered page size

changelog: Internal, Performance, Reduce size of rendered page
🛠 Summary of changes
Changes Webpack JavaScript compilation to generate only SHA512 hashes for resources, overriding the default, which would generate integrity for SHA256, SHA384, and SHA512.
The thinking here being that the SRI specification requires user agents to include support for all three algorithms, so there should be no risk that a browser would only implement one but not other hash algorithms.
Limiting the number of algorithms could potentially allow for some marginal savings in build time by avoiding unnecessary hashing of file contents†, as well as reducing the overall size of rendered pages.
Of the three, SHA512 was chosen as being the most collision-resistant hashing algorithm.
† anecdotally seeing around 3% reduction in build time over an average of 5 runs
📜 Testing Plan
1. `NODE_ENV=production yarn build`
2. `rails s`
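The reasoning in the summary above, as an added example that is not part of the pull request or the project's code: it builds the `integrity` value for one asset with all three algorithms and with SHA512 only, and checks content the way the SRI specification describes, where only the strongest algorithm present is compared. The function names and the sample bundle are hypothetical and constructed for illustration.

```javascript
const crypto = require('crypto');

// Algorithms ordered weakest to strongest, as the SRI spec prioritises them.
const STRENGTH = ['sha256', 'sha384', 'sha512'];

// Build an integrity attribute value for `content` using the given algorithms.
function integrityFor(content, algorithms) {
  return algorithms
    .map((alg) => `${alg}-${crypto.createHash(alg).update(content).digest('base64')}`)
    .join(' ');
}

// Check `content` as a user agent would: drop unknown algorithms, keep only the
// strongest algorithm present, and accept if any digest for that algorithm matches.
function verifyIntegrity(content, integrity) {
  const entries = integrity
    .trim()
    .split(/\s+/)
    .map((token) => {
      const i = token.indexOf('-');
      return { alg: token.slice(0, i), digest: token.slice(i + 1).split('?')[0] };
    })
    .filter((e) => STRENGTH.includes(e.alg));
  if (entries.length === 0) return true; // no usable metadata means no check is enforced
  const strongest = entries.reduce((a, b) =>
    (STRENGTH.indexOf(b.alg) > STRENGTH.indexOf(a.alg) ? b : a)).alg;
  return entries
    .filter((e) => e.alg === strongest)
    .some((e) => crypto.createHash(e.alg).update(content).digest('base64') === e.digest);
}

// Constructed sample asset standing in for a compiled bundle.
const bundle = Buffer.from('console.log("constructed sample bundle");\n');
const allThree = integrityFor(bundle, STRENGTH);
const only512 = integrityFor(bundle, ['sha512']);

// Characters saved per tag by dropping the sha256 and sha384 entries.
const savedBytes = allThree.length - only512.length;
console.log({ allThree: allThree.length, only512: only512.length, savedBytes });
```

When a SHA512 entry is present, the SHA256 and SHA384 entries are never consulted, so removing them shortens each tag without changing what the browser verifies.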