init

.codecov.yml

@@ -0,0 +1,6 @@
+comment: off
+coverage:
+  status:
+    project: off
+    patch: off
+

.editorconfig

@@ -0,0 +1,17 @@
+# For more information about the properties used in this file,
+# please see the EditorConfig documentation:
+# http://editorconfig.org
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[{*.yml,package.json}]
+indent_size = 2
+
+# The indent size used in the package.json file cannot be changed:
+# https://github.com/npm/npm/pull/3180#issuecomment-16336516

.scrutinizer.yml

@@ -0,0 +1,15 @@
+inherit: true
+
+build:
+  nodes:
+    analysis:
+      tests:
+        override: [php-scrutinizer-run]
+
+checks:
+  php:
+    code_rating: true
+    duplication: true
+
+filter:
+  paths: [src/*, tests/*]

.travis.yml

@@ -0,0 +1,67 @@
+language: php
+
+os: linux
+
+dist: xenial
+
+services:
+  - mysql
+  - postgresql
+
+cache:
+  directories:
+    - $HOME/.composer/cache/files
+
+env:
+  global:
+    - SS_ENVIRONMENT_TYPE=dev
+    - SS_BASE_URL="http://localhost:8080/"
+
+jobs:
+  fast_finish: true
+  include:
+    - php: 7.2
+      env:
+        - DB=PGSQL
+        - PDO=1
+        - PHPCS_TEST=1
+        - PHPUNIT_TEST=1
+    - php: 7.3
+      env:
+        - DB=MYSQL
+        - PDO=1
+    - php: 7.4
+      env:
+        - DB=MYSQL
+        - PDO=1
+
+before_script:
+  # COMPOSER
+  # install $COMPOSER_VERSION if defined, otherwise use Composer v1 with PHP <= 7.3, Composer v2 for >= 7.3
+  - if [ $COMPOSER_VERSION ] ; then composer self-update --$COMPOSER_VERSION ; elif [ $(php -r 'echo (int) version_compare(phpversion(), "7.3.0", "<=");') = "1" ] ; then composer self-update --1; else composer self-update --2; fi
+  - composer --version
+
+  # PHPENV
+  - phpenv rehash
+  - phpenv config-rm xdebug.ini || true
+  - if [[ $PHPUNIT_COVERAGE_TEST ]]; then memlimit='8192M'; else memlimit='4096M'; fi
+  - echo "memory_limit = ${memlimit}" >> ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d/travis.ini
+  - echo 'always_populate_raw_post_data = -1' >> ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d/travis.ini
+
+  # Install composer dependencies
+  - composer validate
+  - if [[ $DB == PGSQL ]]; then composer require silverstripe/postgresql:^2 --no-update; fi
+  - if [[ $DB == SQLITE ]]; then composer require silverstripe/sqlite3:^2 --no-update; fi
+  - if [[ $PHPCS_TEST ]]; then composer global require squizlabs/php_codesniffer:^3 --prefer-dist --no-interaction --no-progress --no-suggest -o; fi
+  - composer install --prefer-source --no-interaction --no-progress --no-suggest --optimize-autoloader --verbose --profile
+
+  # Log constants to CI for debugging purposes
+  - php vendor/silverstripe/framework/tests/dump_constants.php
+
+script:
+  - if [[ $PHPUNIT_TEST ]]; then vendor/bin/phpunit; fi
+  - if [[ $PHPCS_TEST ]]; then composer run-script lint; fi
+  - if [[ $PHPUNIT_COVERAGE_TEST ]]; then phpdbg -qrr vendor/bin/phpunit --coverage-clover=coverage.xml; fi
+
+after_success:
+  - if [[ $PHPUNIT_COVERAGE_TEST ]]; then bash <(curl -s https://codecov.io/bash) -f coverage.xml; fi

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 Thomas Portelange
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,90 @@
+# SilverStripe Defer Backend module
+
+[![Build Status](https://travis-ci.com/lekoala/silverstripe-defer-backend.svg?branch=master)](https://travis-ci.com/lekoala/silverstripe-defer-backend/)
+[![scrutinizer](https://scrutinizer-ci.com/g/lekoala/silverstripe-defer-backend/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/lekoala/silverstripe-defer-backend/)
+[![Code coverage](https://codecov.io/gh/lekoala/silverstripe-defer-backend/branch/master/graph/badge.svg)](https://codecov.io/gh/lekoala/silverstripe-defer-backend)
+
+## Intro
+
+This module allows you to define a backend that defers your script by default.
+As a nice bonus, it also allows you to set a simple content security policy by adding nonce to your scripts.
+
+## Defer your requirements
+
+In order to defer your scripts, you need to replace in your `PageController` the default backend.
+
+    protected function init()
+    {
+        parent::init();
+
+        Requirements::set_backend(new DeferBackend);
+    }
+
+Once this is done, all scripts (provided by modules or yourself) will be deferred. This is great
+for performance because all scripts become non blocking and load order is preserved.
+Scripts are added in the head, since they are not blocking, the browser can load them while parsing
+the html.
+
+### Inline scripts
+
+Deferring inline scripts is not possible as such. But since events are fired once the dom is parsed,
+you can wrap your scripts like so
+
+    window.addEventListener('DOMContentLoaded', function() { ... });
+
+This module automatically does this. Be aware that if you rely on global variables, you might want to
+prevent this from happening by adding a comment with `//window.addEventListener` somewhere. This
+will prevent our class to automatically wrap your script.
+
+### Css order
+
+This module also check your css files and make sure your themes files are loaded last. This make
+sure that your styles cascade properly.
+
+## Security headers
+
+As a small bonus, this module allows you to add two security headers:
+- Referrer-Policy
+- Strict-Transport-Security (only if https is enabled)
+
+    public function handleRequest(HTTPRequest $request)
+    {
+        $response = parent::handleRequest($request);
+
+        CspProvider::addSecurityHeaders($response);
+
+        return $response;
+    }
+
+## Content security policy
+
+This module also add random nonce to your scripts. This allows you to setup a simple
+Content Security Policy.
+
+Also, a `$getCspNonce` is made available in your templates.
+
+    public function handleRequest(HTTPRequest $request)
+    {
+        $response = parent::handleRequest($request);
+
+        CspProvider::addCspHeaders($response);
+
+        return $response;
+    }
+
+Please note that the csp is disabled by default. You might want to enable it with the following config:
+
+    LeKoala\DeferBackend\CspProvider:
+    enable_cst: true
+    csp_report_uri: 'https://my-url-here'
+    csp_report_only: false
+
+Consider setting this to `csp_report_only` at the beginnning because enabling csp can break your website.
+
+## Compatibility
+
+Tested with 4.6 but should work on any ^4 projects
+
+## Maintainer
+
+LeKoala - thomas@lekoala.be

_config/defer-backend.yml

@@ -0,0 +1,9 @@
+---
+Name: defer-backend
+---
+LeKoala\DeferBackend\CspProvider:
+  default_referrer_policy: "no-referrer-when-downgrade"
+  enable_hsts: true
+  enable_cst: false
+  csp_report_uri: ''
+  csp_report_only: true

composer.json

@@ -0,0 +1,50 @@
+{
+    "name": "lekoala/silverstripe-defer-backend",
+    "description": "Defer your requirements in SilverStripe",
+    "type": "silverstripe-vendormodule",
+    "keywords": [
+        "silverstripe",
+        "backend",
+        "defer",
+        "csp",
+        "module",
+        "cms"
+    ],
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "LeKoala",
+            "email": "thomas@lekoala.be"
+        }
+    ],
+    "require": {
+        "php": ">=7.2",
+        "silverstripe/framework": "^4"
+    },
+    "require-dev": {
+        "sminnee/phpunit": "^5.7",
+        "squizlabs/php_codesniffer": "^3.0"
+    },
+    "extra": {
+        "installer-name": "defer-backend",
+        "expose": [
+            "css"
+        ]
+    },
+    "autoload": {
+        "psr-4": {
+            "LeKoala\\DeferBackend\\": "src/",
+            "LeKoala\\DeferBackend\\Test\\": "tests/"
+        }
+    },
+    "support": {
+        "issues": "https://github.com/lekoala/silverstripe-defer-backend/issues"
+    },
+    "scripts": {
+        "lint": "phpcs src/ tests/",
+        "lint-clean": "phpcbf src/ tests/",
+        "test": "phpunit -v"
+    },
+    "minimum-stability": "dev",
+    "prefer-stable": true
+}

phpcs.xml.dist

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ruleset name="SilverStripe">
+    <description>CodeSniffer ruleset for SilverStripe coding conventions.</description>
+
+    <file>src</file>
+    <file>tests</file>
+
+    <!-- base rules are PSR-2 -->
+    <rule ref="PSR2" >
+        <!-- Current exclusions -->
+        <exclude name="PSR1.Methods.CamelCapsMethodName" />
+        <exclude name="PSR1.Files.SideEffects.FoundWithSymbols" />
+        <exclude name="PSR2.Classes.PropertyDeclaration" />
+        <exclude name="PSR2.ControlStructures.SwitchDeclaration" /> <!-- causes php notice while linting -->
+        <exclude name="PSR2.ControlStructures.SwitchDeclaration.WrongOpenercase" />
+        <exclude name="PSR2.ControlStructures.SwitchDeclaration.WrongOpenerdefault" />
+        <exclude name="PSR2.ControlStructures.SwitchDeclaration.TerminatingComment" />
+        <exclude name="PSR2.Methods.MethodDeclaration.Underscore" />
+        <exclude name="Squiz.Scope.MethodScope" />
+        <exclude name="Squiz.Classes.ValidClassName.NotCamelCaps" />
+        <exclude name="Generic.Files.LineLength.TooLong" />
+        <exclude name="PEAR.Functions.ValidDefaultValue.NotAtEnd" />
+    </rule>
+</ruleset>

phpunit.xml.dist

@@ -0,0 +1,16 @@
+<phpunit bootstrap="vendor/silverstripe/framework/tests/bootstrap.php" colors="true">
+
+    <testsuite name="Default">
+        <directory>tests</directory>
+    </testsuite>
+
+    <filter>
+        <whitelist addUncoveredFilesFromWhitelist="true">
+            <directory suffix=".php">src/</directory>
+            <exclude>
+                <directory suffix=".php">tests/</directory>
+            </exclude>
+        </whitelist>
+    </filter>
+
+</phpunit>