New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Shorter fingerprinting #6241
Comments
If that was true, why are they so long in the first place? So, I agree that for certain uses of this it would be fine (cache-busting), so we should add a |
I meant for this specific use case :) Thanks for considering this. |
If this is about Subresource Integrity hashes please keep in mind, that the standard for the JS and CSS links expects SHA384 for the integrity hashes. See https://www.w3.org/TR/SRI/ "Cache busting" is a new use for me ;) I always used date strings or random strings for that. |
Yes, we're not messing with the SRI hashes. |
Adding context from my use case and an issue with current workarounds when typescript resources are renamed by I have a typescript file I want to compile to javascript, minify, add an SRI hash, and cache-bust with a reasonably short filename. Given an input like
I can think of a few possible solutions:
I'm still new to hugo so hopefully I haven't gotten any of the details wrong. |
I don't think that provides a solution to the filename issue (though I imagine it's more efficient than using resources.FromString?). There's no way to get the proper name of the original resource (with |
I just tested
So, that's not terribly helpful. Since you know you're building a js file, is there a problem with hardcoding the extension? Also, if you can live with a 10 character hash, pass |
I have a partial template that I use for all my resources. It isn't specific to javascript. It also wouldn't be possible to share with others without hard-coding all possible extension changes, or adding a caveat that it won't work for anything other than ts -> js. I don't believe the hash persisted through a copy when I tried it, but I could be misremembering. |
I believe this still has the same issue: when I name the file, how do I get the correct extension without publishing the resource with the fingerprint in the name? Or hard-coding the extension so it only works with assets types I explicitly handle? |
My point with |
Ah gotcha. Thanks for the tip. |
Also see #12143 for access to the extension. I'm also going to log an issue against |
Finally, there's an intentionally undocumented method This seems to work OK with v0.124.0:
This produces something like Use with caution. We may change the value returned by |
I use a quick crypto.FNV32a to generate a short hash, then copy the resource to a new path with that fingerprint.
head element. I invoke it using partialCached so the fingerprinting only happens once per resource:
<link rel="icon" sizes="any" href="/favicon.2229316949.svg" type="image/svg+xml"/> Encoding it to a higher base and using alphanumerics could shave off 1-2 ch. Originally posted on seirdy.one: See Original. |
@Seirdy With this approach you don't have an SRI hash. If you don't fingerprint, the resource's |
This isn't super important, but it feels like having a 96 (sha384) or 64 (sha256) character hash is too much.
Would it be possible to offer an option to limit this, say to 7 characters? Assuming the algorithm is the same, this shouldn't result in any collisions I think?
I could try doing this myself, but I thought I'd ask.
Thanks!
The text was updated successfully, but these errors were encountered: