Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support CDN usage #177

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

jonathanhefner
Copy link
Contributor

Using Bootstrap from CDN requires an exact version number that is not tied to gem releases. Although historically Bootstrap::VERSION has mirrored the official Bootstrap version number, this might not always be the case. Therefore, this patch adds Bootstrap::VENDOR_VERSION, which is updated by the updater task.

Additionally, it is best practice to employ subresource integrity hashes when using any public CDN. To support this, this patch adds Bootstrap::VENDOR_INTEGRITY, which is a Hash mapping asset names to their properly-encoded integrity hashes. This Hash is also updated by the updater task.


Here is an example of usage:

<script
  src="https://stackpath.bootstrapcdn.com/bootstrap/<%= Bootstrap::VENDOR_VERSION %>/js/bootstrap.bundle.min.js"
  integrity="<%= Bootstrap::VENDOR_INTEGRITY["bootstrap.bundle.min.js"] %>"
  crossorigin="anonymous"></script>

It would be nice to wrap that up in a helper method like <%= Bootstrap.js_cdn_tag(bundle: true) %>, but I wasn't sure if that would be considered outside the scope of this gem. It would endorse a specific CDN, but perhaps that's acceptable, since it is the official Bootstrap CDN. Also, the helper method should probably include something akin to .try(:html_safe), which might feel out of place.

Either way, I can add mention of this to the README, if desired.

Using Bootstrap from CDN requires an exact version number that is not
tied to gem releases.  Although historically `Bootstrap::VERSION` has
mirrored the official Bootstrap version number, this might not always be
the case.  Therefore, this patch adds `Bootstrap::VENDOR_VERSION`, which
is updated by the updater task.

Additionally, it is best practice to employ subresource integrity hashes
when using any public CDN.  To support this, this patch adds
`Bootstrap::VENDOR_INTEGRITY`, which is a Hash mapping asset names to
their properly-encoded integrity hashes.  This Hash is also updated by
the updater task.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant