Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inline oc.js when possible! #1917

Merged
merged 4 commits into from
Oct 25, 2016
Merged

Inline oc.js when possible! #1917

merged 4 commits into from
Oct 25, 2016

Conversation

rullzer
Copy link
Member

@rullzer rullzer commented Oct 25, 2016

With #1871 in we can now do fancy pancy stuff. Like inline javascript safely.

This PR bring you the inlining of oc.js. This file was loaded on each pageload separatly and was a blocking call! Now if your browser support CSPv3 it will inline the file saving you a blocking (non cacheable request!).

  • Move oc.js generation to helper class
  • Move CSPv3 test
  • Inline oc.js when possible

@LukasReschke as discussed!

CC: @MorrisJobke @nickvergessen @icewind1991

@rullzer rullzer added enhancement 3. to review Waiting for reviews labels Oct 25, 2016
@rullzer rullzer added this to the Nextcloud 11.0 milestone Oct 25, 2016
@mention-bot
Copy link

@rullzer, thanks for your PR! By analyzing the history of the files in this pull request, we identified @LukasReschke, @DeepDiver1975 and @icewind1991 to be potential reviewers.

LukasReschke
LukasReschke requested changes Oct 25, 2016
View reviewed changes
Copy link
Member

@LukasReschke LukasReschke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome! Some nitpicks are still existent though ;)

core/Controller/OCJSController.php
/** @var JSConfigHelper */
private $helper;

public function __construct($appName,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A kingdom for PHPDocs 🚀

core/templates/layout.base.php
@@ -18,6 +18,11 @@
<?php foreach($_['printcssfiles'] as $cssfile): ?>
<link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" media="print">
<?php endforeach; ?>
<?php if (isset($_['inline_ocjs'])): ?>
<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" type="text/javascript">
<?php echo($_['inline_ocjs']); ?>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

print_unescaped? :)

core/templates/layout.guest.php
@@ -19,6 +19,11 @@
<?php foreach($_['printcssfiles'] as $cssfile): ?>
<link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" media="print">
<?php endforeach; ?>
<?php if (isset($_['inline_ocjs'])): ?>
<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" type="text/javascript">
<?php echo($_['inline_ocjs']); ?>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

print_unescaped? :)

core/templates/layout.user.php
@@ -26,6 +26,11 @@
<?php foreach($_['printcssfiles'] as $cssfile): ?>
<link rel="stylesheet" href="<?php print_unescaped($cssfile); ?>" media="print">
<?php endforeach; ?>
<?php if (isset($_['inline_ocjs'])): ?>
<script nonce="<?php p(\OC::$server->getContentSecurityPolicyNonceManager()->getNonce()) ?>" type="text/javascript">
<?php echo($_['inline_ocjs']); ?>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

print_unescaped? :)

lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
@@ -102,7 +105,8 @@ public function __construct(IRequest $request,
$isLoggedIn,
$isAdminUser,
ContentSecurityPolicyManager $contentSecurityPolicyManager,
CsrfTokenManager $csrfTokenManager) {
CsrfTokenManager $csrfTokenManager,
ContentSecurityPolicyNonceManager $cspNonceManager) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update PHPDoc? ;)

@rullzer
Move oc.js to a proper class
d5589a1 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Move browserSupportsCspV3 to CSPNonceManager
e351ba5 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Inlince oc.js if possible!
6dbe417 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer
Copy link
Member Author

rullzer commented Oct 25, 2016

@LukasReschke fixed

@LukasReschke
Missing returns + autoloader file
015affb 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
@LukasReschke
Copy link
Member

Good stuff! 👍

@codecov-io
Copy link

Current coverage is 57.34% (diff: 3.01%)

Merging #1917 into master will decrease coverage by 0.17%

@@             master      #1917   diff @@
==========================================
  Files          1076       1078     +2   
  Lines         61310      61498   +188   
  Methods        6871       6875     +4   
  Messages          0          0          
  Branches          0          0          
==========================================
- Hits          35266      35265     -1   
- Misses        26044      26233   +189   
  Partials          0          0

Sunburst

Diff Coverage File Path
0% core/routes.php
0% core/templates/layout.base.php
0% new core/Controller/OCJSController.php
0% core/templates/layout.user.php
0% lib/private/TemplateLayout.php
0% core/templates/layout.guest.php
0% new lib/private/Template/JSConfigHelper.php
•• 28% ...e/Security/CSP/ContentSecurityPolicyNonceManager.php
•••••••••• 100% ...ate/AppFramework/DependencyInjection/DIContainer.php
•••••••••• 100% lib/private/Server.php

Review all 11 files changed

Powered by Codecov. Last update 35c7ece...015affb

@MorrisJobke
Copy link
Member

MorrisJobke commented Oct 25, 2016
edited
Loading

Code looks good and I tested this in Firefox, Safari, Chrome, IE and Edge. 👍

@MorrisJobke MorrisJobke merged commit 9a70c13 into master Oct 25, 2016
@MorrisJobke MorrisJobke deleted the ocjs_inline branch October 25, 2016 22:20
@LukasReschke
Copy link
Member

Small addition: #1920 :)

@nickvergessen
Copy link
Member

Please also delete the old file, just cost björn and me some minutes to figure out, why the break point didn't stop...

This was referenced Oct 31, 2016
Merged
Closed
@kaocher82 kaocher82 mentioned this pull request Feb 9, 2021
Open
@gisforgirard gisforgirard mentioned this pull request Feb 18, 2021
Closed
@gisforgirard gisforgirard mentioned this pull request Feb 26, 2021
Open
@Jessi1983 Jessi1983 mentioned this pull request Mar 10, 2021
Open
@snyk-bot snyk-bot mentioned this pull request Jun 15, 2021
Merged
@dwoodiwiss dwoodiwiss mentioned this pull request May 16, 2022
Open
@TomG736 TomG736 mentioned this pull request May 17, 2022
Open
@checkoss checkoss mentioned this pull request May 17, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LukasReschke LukasReschke LukasReschke approved these changes

Assignees
No one assigned
Labels
3. to review Waiting for reviews enhancement
Projects
None yet
Milestone
Nextcloud 11.0
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@rullzer @mention-bot @LukasReschke @codecov-io @MorrisJobke @nickvergessen