Skip to content

feat(@angular/cli): add build flag --inline-asset-max-size Maximum size of asset to inline #8967

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

feat(@angular/cli): add build flag --inline-asset-max-size Maximum size of asset to inline #8967

wants to merge 1 commit into from

Conversation

@oburakevych
Copy link

@oburakevych oburakevych commented Dec 22, 2017
edited
Loading

When building an Angular app with Angular CLI, resources in CSS, e.g. svg images, less than 10kb in size will be inlined.

This sounds like a good concept from the performance point of view, however, it may violate very strict Content Security Policies in some apps, which has to satisfy stricter security requirements: #8945

data: Allows data: URIs to be used as a content source. This is insecure; an attacker can also inject arbitrary data: URIs. Use this sparingly and definitely not for scripts.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src

Instead of ejecting webpack, this PR adds a new build flag
--inline-asset-max-size that instructs Angular CLI NOT to inline any assets, e.g. images, in CSS due to strict CSP requirements.

  • Added build flag --inline-asset-max-size - Maximum size (in Kb) of assets to be inlined
  • Positive integer defines the max number of assets to be inlined
  • Negative integer - no assets to be inlined.

This was referenced Dec 22, 2017
Closed
Closed
blackholegalaxy
blackholegalaxy reviewed Dec 23, 2017
View reviewed changes
docs/documentation/build.md
If a resource is less than 10kb it will also be inlined.
If a resource is less than 10kb it will also be inlined by default.

By using flaf `--inline-asset-max-size` it's possible to define the max size of the
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo "flag"

@filipesilva filipesilva requested a review from clydin December 26, 2017 09:53
clydin
clydin requested changes Dec 27, 2017
View reviewed changes
Copy link
Member

@clydin clydin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's already a massive amount of command line options and this is something that would probably be set at an application level and not be changed. As such, an app config option would probably be more appropriate.

packages/@angular/cli/models/webpack-configs/styles.ts
},
{
// TODO: inline .cur if not supporting IE (use browserslist to check)
filter: (asset: any) => !asset.hash && !asset.absolutePath.endsWith('.cur'),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of the extra function (which is breaking the eject command). Add a condition to the filter here.
Also the semantics of the option values should be changed. A maximum size of zero (0) means nothing should be inlined. Infinity would mean everything should be inlined.

tests/e2e/tests/build/styles/inline-asset-max-size.ts
'src/assets/small-id.svg': imgSvg
}))
.then(() => copyProjectAsset('images/spectrum.png', './assets/large.png'))
.then(() => ng('build', '--extract-css', '--inline-asset-max-size=-1', '--aot'))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tests for inlining all resources and at an arbitrary non-default value would also be needed.

@hansl hansl unassigned clydin Feb 8, 2018
@clydin
Copy link
Member

clydin commented Feb 23, 2018

Closing this as infrastructure to more easily support this feature has been added since this PR's creation and a major refactoring of the build system in the next major version will provide a mechanism for the addition of features such as this.

@clydin clydin closed this Feb 23, 2018
@filipvh
Copy link

filipvh commented Mar 4, 2018

@clydin how would i go about this?

@kuncevic
Copy link

kuncevic commented Aug 4, 2018

Any news? Just want to inline all of my images without ejecting the config

@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Sep 12, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@clydin clydin clydin requested changes

+1 more reviewer

@blackholegalaxy blackholegalaxy blackholegalaxy left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@clydin clydin

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@oburakevych @clydin @filipvh @kuncevic @blackholegalaxy @googlebot