Skip to content

Inline oc.js when possible! #1917

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MorrisJobke merged 4 commits into from
Oct 25, 2016
Merged

Inline oc.js when possible! #1917

MorrisJobke merged 4 commits into from
Oct 25, 2016

Conversation

@rullzer
Copy link
Member

@rullzer rullzer commented Oct 25, 2016

With #1871 in we can now do fancy pancy stuff. Like inline javascript safely.

This PR bring you the inlining of oc.js. This file was loaded on each pageload separatly and was a blocking call! Now if your browser support CSPv3 it will inline the file saving you a blocking (non cacheable request!).

  • Move oc.js generation to helper class
  • Move CSPv3 test
  • Inline oc.js when possible

@LukasReschke as discussed!

CC: @MorrisJobke @nickvergessen @icewind1991

@rullzer rullzer added enhancement 3. to review Waiting for reviews labels Oct 25, 2016
@rullzer rullzer added this to the Nextcloud 11.0 milestone Oct 25, 2016
@mention-bot
Copy link

mention-bot commented Oct 25, 2016

@rullzer, thanks for your PR! By analyzing the history of the files in this pull request, we identified @LukasReschke, @DeepDiver1975 and @icewind1991 to be potential reviewers.

LukasReschke
LukasReschke requested changes Oct 25, 2016
View reviewed changes
Copy link
Member

@LukasReschke LukasReschke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome! Some nitpicks are still existent though ;)

core/Controller/OCJSController.php
/** @var JSConfigHelper */
private $helper;

public function __construct($appName,
Copy link
Member

@LukasReschke LukasReschke Oct 25, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A kingdom for PHPDocs 🚀

core/templates/layout.base.php Outdated
<?php endforeach; ?>
<?php if (isset($_['inline_ocjs'])): ?>
<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" type="text/javascript">
<?php echo($_['inline_ocjs']); ?>
Copy link
Member

@LukasReschke LukasReschke Oct 25, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

print_unescaped? :)

core/templates/layout.guest.php Outdated
<?php endforeach; ?>
<?php if (isset($_['inline_ocjs'])): ?>
<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" type="text/javascript">
<?php echo($_['inline_ocjs']); ?>
Copy link
Member

@LukasReschke LukasReschke Oct 25, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

print_unescaped? :)

core/templates/layout.user.php Outdated
<?php endforeach; ?>
<?php if (isset($_['inline_ocjs'])): ?>
<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" type="text/javascript">
<?php echo($_['inline_ocjs']); ?>
Copy link
Member

@LukasReschke LukasReschke Oct 25, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

print_unescaped? :)

lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
ContentSecurityPolicyManager $contentSecurityPolicyManager,
CsrfTokenManager $csrfTokenManager) {
CsrfTokenManager $csrfTokenManager,
ContentSecurityPolicyNonceManager $cspNonceManager) {
Copy link
Member

@LukasReschke LukasReschke Oct 25, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update PHPDoc? ;)

@rullzer
Move oc.js to a proper class
d5589a1 
Signed-off-by: Roeland Jago Douma <[email protected]>
@rullzer
Move browserSupportsCspV3 to CSPNonceManager
e351ba5 
Signed-off-by: Roeland Jago Douma <[email protected]>
@rullzer
Inlince oc.js if possible!
6dbe417 
Signed-off-by: Roeland Jago Douma <[email protected]>
@rullzer
Copy link
Member Author

rullzer commented Oct 25, 2016

@LukasReschke fixed

@LukasReschke
Copy link
Member

LukasReschke commented Oct 25, 2016

Good stuff! 👍

@codecov-io
Copy link

codecov-io commented Oct 25, 2016

Current coverage is 57.34% (diff: 3.01%)

Merging #1917 into master will decrease coverage by 0.17%

@@             master      #1917   diff @@
==========================================
  Files          1076       1078     +2   
  Lines         61310      61498   +188   
  Methods        6871       6875     +4   
  Messages          0          0          
  Branches          0          0          
==========================================
- Hits          35266      35265     -1   
- Misses        26044      26233   +189   
  Partials          0          0

Sunburst

Diff Coverage File Path
0% core/routes.php
0% core/templates/layout.base.php
0% new core/Controller/OCJSController.php
0% core/templates/layout.user.php
0% lib/private/TemplateLayout.php
0% core/templates/layout.guest.php
0% new lib/private/Template/JSConfigHelper.php
•• 28% ...e/Security/CSP/ContentSecurityPolicyNonceManager.php
•••••••••• 100% ...ate/AppFramework/DependencyInjection/DIContainer.php
•••••••••• 100% lib/private/Server.php

Review all 11 files changed

Powered by Codecov. Last update 35c7ece...015affb

@MorrisJobke
Copy link
Member

MorrisJobke commented Oct 25, 2016
edited
Loading

Code looks good and I tested this in Firefox, Safari, Chrome, IE and Edge. 👍

@MorrisJobke MorrisJobke merged commit 9a70c13 into master Oct 25, 2016
@MorrisJobke MorrisJobke deleted the ocjs_inline branch October 25, 2016 22:20
@LukasReschke
Copy link
Member

LukasReschke commented Oct 26, 2016

Small addition: #1920 :)

@nickvergessen
Copy link
Member

nickvergessen commented Oct 31, 2016

Please also delete the old file, just cost björn and me some minutes to figure out, why the break point didn't stop...

This was referenced Oct 31, 2016
Merged
Closed
@kaocher82 kaocher82 mentioned this pull request Feb 9, 2021
Open
@gisforgirard gisforgirard mentioned this pull request Feb 18, 2021
Closed
@gisforgirard gisforgirard mentioned this pull request Feb 26, 2021
Open
@Jessi1983 Jessi1983 mentioned this pull request Mar 10, 2021
Open
@snyk-bot snyk-bot mentioned this pull request Jun 15, 2021
Merged
@dwoodiwiss dwoodiwiss mentioned this pull request May 16, 2022
Open
@TomG736 TomG736 mentioned this pull request May 17, 2022
Open
@checkoss checkoss mentioned this pull request May 17, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@LukasReschke LukasReschke LukasReschke approved these changes

Assignees

No one assigned

Labels

3. to review Waiting for reviews enhancement

Projects

None yet

Milestone

Nextcloud 11.0

Development

Successfully merging this pull request may close these issues.

7 participants

@rullzer @mention-bot @LukasReschke @codecov-io @MorrisJobke @nickvergessen