-
Notifications
You must be signed in to change notification settings - Fork 791
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rename default manifest.json file to .sprockets-manifest.json #7
Comments
Hey @josh I can take a crack at this if it helps. How do you see supporting both working? We could just look in the output dir for the new filename and fall back on My concern with the fallback approach is that it could still cause surprise issues like my manifest.json asset and will be jarring if someone clobbered their assets and rebuilt only to find the manifest filename changed. Thoughts? |
I think the existing I'm thinking, by default,
Then on I'm wondering if its safe to cleanup any existing |
Also, I'm wondering if the |
I'm nervous about going back to a static name, and trusting the web server's config to refuse to serve hidden files. |
@josh 😄 Maybe we can make the randomness structurally different from an asset hash, so no matter how improbably someone names their asset, it won't conflict? |
Thats true too. Right now the random hex is 32c which is the same length as old MD5 tagged assets. However, were moving to sha256 so that brings it up to 64c. So for legacy manifests, we can at least verify the old 32 length. |
@matthewd - yeah, this a good point. I think it's probably too big an assumption to make re: web server config for little benefit, especially with the naming strategy you mentioned. @josh - sounds like a good strategy to me. Is the 32 -> 64 move happening with this milestone release? Great timing if so. |
2.x defaults to MD5 digests, and 3.x defaults to SHA256. |
Not sure if it's too hard but making it configurable wouldn't make the transition much easier and still possible -for those who want- to use the old naming? |
If you specify an explicit manifest path, it always uses that instead of an autogenerated one. If you'd like to use the old name, you can just set it. Thats the way its always worked. The main issue is for people who are using the defaults.
|
Got it. Sorry for the dumb question. |
Another thing that might be nice to solve is to make the randness actually deterministic based some secret somehow. I know that sounds contradictory. Its less ideal that multiple app instances can have different randomly generated manifest paths. One is What if we did a similar thing for how Rails generates csrf tokens and other private secrets and set a I feel like this is the only use case so far for a sprockets secret, but maybe theres others? I dunno. Thats one idea to make it deterministic but still secret from the rest of the world. |
Something like this? master...juddblair:master I need to fix the glob-style dir stuff to tighten in (was planning on |
@juddblair yeah, looks like its on the right track! |
Fix Upgrading.md markup
xref rails/sprockets-rails#229
cc @rafaelfranca @juddblair
The text was updated successfully, but these errors were encountered: