Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove crossorigin and SRI from our static assets (CSS/JS) #1993

Merged
merged 1 commit into from
Feb 3, 2020
Merged

Remove crossorigin and SRI from our static assets (CSS/JS) #1993

merged 1 commit into from
Feb 3, 2020

Conversation

Nooshu
Copy link

@Nooshu Nooshu commented Jan 7, 2020
edited
Loading

Change to remove SRI on the JavaScript / CSS and remove the crossorigin attribute.

This change is part of RFC-115.

Changes have been tested on integration, seen here

@Nooshu Nooshu requested a review from alex-ju January 30, 2020 11:04
@Nooshu Nooshu changed the title Change crossorigin from 'anonymous' to 'use-credentials' Remove crossorigin and SRI from our static assets (CSS/JS) Jan 30, 2020
@Nooshu
Copy link
Author

Nooshu commented Jan 30, 2020
edited
Loading

I've verified that we are seeing what is expected. Using Chrome DevTools, under the Network tab there is a column called 'Connection ID'. This identifies which TCP connection the asset was loaded on. I exported a HAR file from Chrome and examined it:

124231
* HTML

124279
* CSS

124280
* Image
* CSS

124281
* Script
* Image
* CSS

124282
* Script
* Image

124283
* Script
* CSS

124284
* Image
* favicon
* CSS

124288 (anonymous connection)
* Font

124344 (anonymous connection)
* Font

Still on HTTP/1 so we are still seeing 9 TCP connections, but that is better than the 13/14 we were seeing before.

Proof that it is working is we have CSS and Scripts both coming down the same connection ID as the images. Whereas before in anonymous mode they wouldn't be able to be downloaded on the same connection as the images (since the images used a credentialed TCP connection).

Both the CSS and JS are downloading and executing as expected as seen below:

Screenshot 2020-01-30 at 14 44 48

alex-ju
alex-ju approved these changes Jan 30, 2020
View reviewed changes
Copy link
Contributor

@alex-ju alex-ju left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

This was referenced Jan 30, 2020
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
@alex-ju alex-ju merged commit c1f6bad into master Feb 3, 2020
@alex-ju alex-ju deleted the sri-change branch February 3, 2020 10:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alex-ju alex-ju alex-ju approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Nooshu @alex-ju @karlbaker02