Skip to content
This repository has been archived by the owner on Apr 21, 2023. It is now read-only.

Stripping preload hints applies to disallowed and unauthorized resources #1393

Closed
jeffkaufman opened this issue Sep 12, 2016 · 1 comment
Closed

Comments

@jeffkaufman
Copy link
Contributor

Currently we strip preload hints if they look like:

   <link rel=subresource src=...>                                         
   <link rel=preload src=...>                                   

Preload hints are actually documented to use href and not src: https://w3c.github.io/preload/

@jeffkaufman
Copy link
Contributor Author

Actually, it's worse than that. We strip preload hints if they look like:

   <link rel=subresource ...>                                         
   <link rel=preload ...>

unless they contain src= that points to a resource we're not allowed to rewrite (unauthorized domain or disallowed).

@jeffkaufman jeffkaufman changed the title Stripping preload hints isn't working Stripping preload hints applies to disallowed and unauthorized resources Sep 12, 2016
jeffkaufman added a commit that referenced this issue Sep 13, 2016
…and not src

* With rel=preload the hint tells us what type of resource it is, and if
  urls have been preserved for that type we should not strip it.
* If the rel=preload type isn't image, script, or style we shouldn't
  strip it, because those are the only urls we change.
* The filter was originally written to use src= when it should have used
  href=, which meant it removed hints it shouldn't have.

This is a minimal change for backporting for branch 33.  For the master branch
I have a draft of a more complex change that does additional cleanups.

Fixes: #1392
Fixes: #1393
jeffkaufman added a commit that referenced this issue Sep 13, 2016
…and not src

* With rel=preload the hint tells us what type of resource it is, and if
  urls have been preserved for that type we should not strip it.
* If the rel=preload type isn't image, script, or style we shouldn't
  strip it, because those are the only urls we change.
* The filter was originally written to use src= when it should have used
  href=, which meant it removed hints it shouldn't have.

This is a minimal change for backporting for branch 33.  For the master branch
I have a draft of a more complex change that does additional cleanups.

Fixes: #1392
Fixes: #1393
jeffkaufman added a commit that referenced this issue Sep 14, 2016
…and not src

* With rel=preload the hint tells us what type of resource it is, and if
  urls have been preserved for that type we should not strip it.
* If the rel=preload type isn't image, script, or style we shouldn't
  strip it, because those are the only urls we change.
* The filter was originally written to use src= when it should have used
  href=, which meant it removed hints it shouldn't have.

This is a minimal change for backporting for branch 33.  For the master branch
I have a draft of a more complex change that does additional cleanups.

Fixes: #1392
Fixes: #1393
jeffkaufman added a commit that referenced this issue Sep 14, 2016
…and not src (#1394)

* With rel=preload the hint tells us what type of resource it is, and if
  urls have been preserved for that type we should not strip it.
* If the rel=preload type isn't image, script, or style we shouldn't
  strip it, because those are the only urls we change.
* The filter was originally written to use src= when it should have used
  href=, which meant it removed hints it shouldn't have.

This is a minimal change for backporting for branch 33.  For the master branch
I have a draft of a more complex change that does additional cleanups.

Fixes: #1392
Fixes: #1393
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant