Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

jQuery 1.9.1.min.js from code.jquery.com CDN points to wrong sourcemap #2899

Closed
miketaylr opened this Issue Feb 4, 2016 · 8 comments

Comments

Projects
None yet
4 participants
@miketaylr
Copy link

miketaylr commented Feb 4, 2016

Originally filed at https://bugzilla.mozilla.org/show_bug.cgi?id=1245709#c3.

  1. view-source:http://code.jquery.com/jquery-1.9.1.min.js
  2. Observe //@ sourceMappingURL=jquery.min.map

Expected: //@ sourceMappingURL=jquery-1.9.1.min.map
Actual: See 2) above.

If you're debugging a site with 1.9.1 from the CDN, suddenly 1.11.1 is in your debugger... which is wrong.

Here's some context from jquery-dev chatting with @dmethvin:

[1:31 PM] <miketaylr> the bug i saw says http://code.jquery.com/jquery-1.9.1.min.js sourcemap just points to jquery.min.js, so it ends up at as 1.11.whatever.js
[1:31 PM] <DaveMethvin> oh
[1:31 PM] <miketaylr> view-source:http://code.jquery.com/jquery-1.9.1.min.js
[1:31 PM] <miketaylr> dunno if that's a jquery build bug
[1:31 PM] <DaveMethvin> well, one from years ago
[1:31 PM] <miketaylr> or a code cdn redirect bu
[1:31 PM] <miketaylr> g
[1:31 PM] <DaveMethvin> at this point
[1:32 PM] <DaveMethvin> i don't know that there's much we can do about it now
[1:32 PM] <miketaylr> dude, let me ssh into the server
[1:32 PM] <miketaylr> i'll fix it
[1:32 PM] <DaveMethvin> can we update a really old version?
[1:32 PM] <DaveMethvin> well i'd be afraid someone has a hash stored for it
[1:32 PM] <DaveMethvin> to avoid tampering
[1:32 PM] <miketaylr> vim jquery-1.9.1.min.js
[1:32 PM] <miketaylr> lol
[1:33 PM] <miketaylr> i guess it would be good to see if the problem is more widespread, or only exists for 1.9.1
[1:33 PM] <miketaylr> this is the bug fwiw https://bugzilla.mozilla.org/show_bug.cgi?id=1245709#c3
[1:33 PM] <DaveMethvin> there is a correct jquery-1.9.1.min.map file, it's just wrong in the source
[1:34 PM] <DaveMethvin> and we stopped putting map files into the source becaues we got a bunch of complaints when people renamed the file or forgot to copy the map
[1:35 PM] <DaveMethvin> i'd say go ahead and report it miketaylr and we'll discuss if that's something we can change
[1:35 PM] <miketaylr> okey doke
[1:35 PM] <DaveMethvin> i don't see a way to change it without editing the file but that will change any stored hash
[1:35 PM] <miketaylr> DaveMethvin: so just against jquery not https://github.com/jquery/codeorigin.jquery.com ?
[1:35 PM] <DaveMethvin> right
[1:35 PM] <miketaylr> thxxx
[1:35 PM] <miketaylr> http://code.jquery.com/jquery-1.10.0.min.js looks good
[1:36 PM] <miketaylr> it might just be 1.9.1
[1:36 PM] <DaveMethvin> and it actually is jquery.min.map for some cdns like googles
[1:36 PM] <DaveMethvin> since they don't have the version in the file name
[1:36 PM] <miketaylr> because 1.9.0 didn't have one
[1:36 PM] <miketaylr> fun bug
[1:36 PM] miketaylr files

Not sure if you can change this, but it would be nice if you could.

@dmethvin

This comment has been minimized.

Copy link
Member

dmethvin commented Feb 4, 2016

I figured it was worth having miketaylr open a ticket so we can discuss. Wow. jQuery 1.9.1 was released 3 years ago today!

It's pretty easy to edit the source to point to the correct map file, jquery-1.9.1.min.map which is there on the CDN, but I'm concerned we may trigger some sort of alerts from people who don't expect the old files to ever change bits.

@scottgonzalez

This comment has been minimized.

Copy link
Member

scottgonzalez commented Feb 4, 2016

Isn't this a known bug? I'm 99% sure if you look through the bug tracker you'll find a ticket for this.

@scottgonzalez

This comment has been minimized.

Copy link
Member

scottgonzalez commented Feb 4, 2016

Oh, I see now that this is a different bug than the one I was thinking of.

@dmethvin

This comment has been minimized.

Copy link
Member

dmethvin commented Feb 5, 2016

Another thing we could do is delete http://code.jquery.com/jquery.min.map because we have been discouraging the use of the plain-named jquery.js and jquery.min.js anyway.

@dmethvin

This comment has been minimized.

Copy link
Member

dmethvin commented Feb 8, 2016

Since we're on the verge of recommending that people use Subresource Integrity, It seems like editing the file is a less and less appealing idea. It always bothered me that two files of the same version from different CDNs could have different hashes, but for the time that we put map comments into the file that was true because of the way different CDNs do their paths.

With that in mind, deleting the map file seems like the best solution, if we need to apply one.

@timmywil

This comment has been minimized.

Copy link
Member

timmywil commented Feb 9, 2016

I agree with deleting the map file.

@timmywil

This comment has been minimized.

Copy link
Member

timmywil commented Feb 9, 2016

@timmywil timmywil closed this Feb 9, 2016

@miketaylr

This comment has been minimized.

Copy link
Author

miketaylr commented Feb 9, 2016

Thanks for the help, everyone.

@lock lock bot locked as resolved and limited conversation to collaborators Jun 18, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.