New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stripping preload hints applies to disallowed and unauthorized resources #1393

Closed
jeffkaufman opened this Issue Sep 12, 2016 · 1 comment

Comments

Projects
None yet
1 participant
@jeffkaufman
Copy link
Contributor

jeffkaufman commented Sep 12, 2016

Currently we strip preload hints if they look like:

   <link rel=subresource src=...>                                         
   <link rel=preload src=...>                                   

Preload hints are actually documented to use href and not src: https://w3c.github.io/preload/

@jeffkaufman

This comment has been minimized.

Copy link
Contributor

jeffkaufman commented Sep 12, 2016

Actually, it's worse than that. We strip preload hints if they look like:

   <link rel=subresource ...>                                         
   <link rel=preload ...>

unless they contain src= that points to a resource we're not allowed to rewrite (unauthorized domain or disallowed).

@jeffkaufman jeffkaufman changed the title Stripping preload hints isn't working Stripping preload hints applies to disallowed and unauthorized resources Sep 12, 2016

jeffkaufman added a commit that referenced this issue Sep 13, 2016

strip-subresource-hints: respect preserve with rel=preload, use href …
…and not src

* With rel=preload the hint tells us what type of resource it is, and if
  urls have been preserved for that type we should not strip it.
* If the rel=preload type isn't image, script, or style we shouldn't
  strip it, because those are the only urls we change.
* The filter was originally written to use src= when it should have used
  href=, which meant it removed hints it shouldn't have.

This is a minimal change for backporting for branch 33.  For the master branch
I have a draft of a more complex change that does additional cleanups.

Fixes: #1392
Fixes: #1393

jeffkaufman added a commit that referenced this issue Sep 13, 2016

strip-subresource-hints: respect preserve with rel=preload, use href …
…and not src

* With rel=preload the hint tells us what type of resource it is, and if
  urls have been preserved for that type we should not strip it.
* If the rel=preload type isn't image, script, or style we shouldn't
  strip it, because those are the only urls we change.
* The filter was originally written to use src= when it should have used
  href=, which meant it removed hints it shouldn't have.

This is a minimal change for backporting for branch 33.  For the master branch
I have a draft of a more complex change that does additional cleanups.

Fixes: #1392
Fixes: #1393

jeffkaufman added a commit that referenced this issue Sep 14, 2016

strip-subresource-hints: respect preserve with rel=preload, use href …
…and not src

* With rel=preload the hint tells us what type of resource it is, and if
  urls have been preserved for that type we should not strip it.
* If the rel=preload type isn't image, script, or style we shouldn't
  strip it, because those are the only urls we change.
* The filter was originally written to use src= when it should have used
  href=, which meant it removed hints it shouldn't have.

This is a minimal change for backporting for branch 33.  For the master branch
I have a draft of a more complex change that does additional cleanups.

Fixes: #1392
Fixes: #1393

jeffkaufman added a commit that referenced this issue Sep 14, 2016

strip-subresource-hints: respect preserve with rel=preload, use href …
…and not src (#1394)

* With rel=preload the hint tells us what type of resource it is, and if
  urls have been preserved for that type we should not strip it.
* If the rel=preload type isn't image, script, or style we shouldn't
  strip it, because those are the only urls we change.
* The filter was originally written to use src= when it should have used
  href=, which meant it removed hints it shouldn't have.

This is a minimal change for backporting for branch 33.  For the master branch
I have a draft of a more complex change that does additional cleanups.

Fixes: #1392
Fixes: #1393
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment