Fix the crossorigin attribute (#26096)
This commit is contained in:
parent
eeff7c14e5
commit
f31a9bd78e
5 changed files with 14 additions and 6 deletions
|
@ -29,7 +29,7 @@
|
||||||
= stylesheet_pack_tag 'common', media: 'all', crossorigin: 'anonymous'
|
= stylesheet_pack_tag 'common', media: 'all', crossorigin: 'anonymous'
|
||||||
= stylesheet_pack_tag current_theme, media: 'all', crossorigin: 'anonymous'
|
= stylesheet_pack_tag current_theme, media: 'all', crossorigin: 'anonymous'
|
||||||
= javascript_pack_tag 'common', crossorigin: 'anonymous'
|
= javascript_pack_tag 'common', crossorigin: 'anonymous'
|
||||||
= preload_pack_asset "locale/#{I18n.locale}-json.js", crossorigin: 'anonymous'
|
= preload_pack_asset "locale/#{I18n.locale}-json.js"
|
||||||
= csrf_meta_tags unless skip_csrf_meta_tags?
|
= csrf_meta_tags unless skip_csrf_meta_tags?
|
||||||
%meta{ name: 'style-nonce', content: request.content_security_policy_nonce }
|
%meta{ name: 'style-nonce', content: request.content_security_policy_nonce }
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
= stylesheet_pack_tag 'common', media: 'all', crossorigin: 'anonymous'
|
= stylesheet_pack_tag 'common', media: 'all', crossorigin: 'anonymous'
|
||||||
= stylesheet_pack_tag Setting.default_settings['theme'], media: 'all', crossorigin: 'anonymous'
|
= stylesheet_pack_tag Setting.default_settings['theme'], media: 'all', crossorigin: 'anonymous'
|
||||||
= javascript_pack_tag 'common', integrity: true, crossorigin: 'anonymous'
|
= javascript_pack_tag 'common', integrity: true, crossorigin: 'anonymous'
|
||||||
= preload_pack_asset "locale/#{I18n.locale}-json.js", crossorigin: 'anonymous'
|
= preload_pack_asset "locale/#{I18n.locale}-json.js"
|
||||||
= render_initial_state
|
= render_initial_state
|
||||||
= javascript_pack_tag 'public', integrity: true, crossorigin: 'anonymous'
|
= javascript_pack_tag 'public', integrity: true, crossorigin: 'anonymous'
|
||||||
%body.embed
|
%body.embed
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
- content_for :header_tags do
|
- content_for :header_tags do
|
||||||
- if user_signed_in?
|
- if user_signed_in?
|
||||||
= preload_pack_asset 'features/compose.js', crossorigin: 'anonymous'
|
= preload_pack_asset 'features/compose.js'
|
||||||
= preload_pack_asset 'features/home_timeline.js', crossorigin: 'anonymous'
|
= preload_pack_asset 'features/home_timeline.js'
|
||||||
= preload_pack_asset 'features/notifications.js', crossorigin: 'anonymous'
|
= preload_pack_asset 'features/notifications.js'
|
||||||
%meta{ name: 'initialPath', content: request.path }
|
%meta{ name: 'initialPath', content: request.path }
|
||||||
|
|
||||||
%meta{ name: 'applicationServerKey', content: Rails.configuration.x.vapid_public_key }
|
%meta{ name: 'applicationServerKey', content: Rails.configuration.x.vapid_public_key }
|
||||||
|
|
|
@ -34,6 +34,7 @@ module.exports = {
|
||||||
chunkFilename: 'js/[name]-[chunkhash].chunk.js',
|
chunkFilename: 'js/[name]-[chunkhash].chunk.js',
|
||||||
hotUpdateChunkFilename: 'js/[id]-[hash].hot-update.js',
|
hotUpdateChunkFilename: 'js/[id]-[hash].hot-update.js',
|
||||||
hashFunction: 'sha256',
|
hashFunction: 'sha256',
|
||||||
|
crossOriginLoading: 'anonymous',
|
||||||
path: output.path,
|
path: output.path,
|
||||||
publicPath: output.publicPath,
|
publicPath: output.publicPath,
|
||||||
},
|
},
|
||||||
|
|
|
@ -13,7 +13,14 @@ module Webpacker::HelperExtensions
|
||||||
|
|
||||||
def preload_pack_asset(name, **options)
|
def preload_pack_asset(name, **options)
|
||||||
src, integrity = current_webpacker_instance.manifest.lookup!(name, with_integrity: true)
|
src, integrity = current_webpacker_instance.manifest.lookup!(name, with_integrity: true)
|
||||||
preload_link_tag(src, options.merge(integrity: integrity))
|
|
||||||
|
# This attribute will only work if the assets are on a different domain.
|
||||||
|
# And Webpack will (correctly) only add it in this case, so we need to conditionally set it here
|
||||||
|
# otherwise the preloaded request and the real request will have different crossorigin values
|
||||||
|
# and the preloaded file wont be loaded
|
||||||
|
crossorigin = 'anonymous' if Rails.configuration.action_controller.asset_host.present?
|
||||||
|
|
||||||
|
preload_link_tag(src, options.merge(integrity: integrity, crossorigin: crossorigin))
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue