From 0f3ca2b2309a39425925f193fc3178c78368861f Mon Sep 17 00:00:00 2001 From: gnoff Date: Mon, 1 May 2023 16:23:49 +0000 Subject: [PATCH] Add nonce support to bootstrap scripts and external runtime (#26738) Adds support for nonce on `bootstrapScripts`, `bootstrapModules` and the external fizz runtime DiffTrain build for [9545e4810c2dc8922f575b6d8f726503a7345d0c](https://github.com/facebook/react/commit/9545e4810c2dc8922f575b6d8f726503a7345d0c) --- compiled/facebook-www/REVISION | 2 +- .../ReactDOMServer-dev.classic.js | 28 +++++++++++++++---- .../facebook-www/ReactDOMServer-dev.modern.js | 28 +++++++++++++++---- .../ReactDOMServer-prod.classic.js | 11 +++++--- .../ReactDOMServer-prod.modern.js | 11 +++++--- .../ReactDOMServerStreaming-dev.modern.js | 25 ++++++++++++++--- .../ReactDOMServerStreaming-prod.modern.js | 11 +++++--- 7 files changed, 89 insertions(+), 27 deletions(-) diff --git a/compiled/facebook-www/REVISION b/compiled/facebook-www/REVISION index 4f7cefe25ff0c..0b0f5436eb8aa 100644 --- a/compiled/facebook-www/REVISION +++ b/compiled/facebook-www/REVISION @@ -1 +1 @@ -b12bea62d9cfd9a925f28cb2c93daeda3865a64e +9545e4810c2dc8922f575b6d8f726503a7345d0c diff --git a/compiled/facebook-www/ReactDOMServer-dev.classic.js b/compiled/facebook-www/ReactDOMServer-dev.classic.js index 4107a8d5b83e8..11be5e1b21b88 100644 --- a/compiled/facebook-www/ReactDOMServer-dev.classic.js +++ b/compiled/facebook-www/ReactDOMServer-dev.classic.js @@ -19,7 +19,7 @@ if (__DEV__) { var React = require("react"); var ReactDOM = require("react-dom"); -var ReactVersion = "18.3.0-www-classic-40ef305a"; +var ReactVersion = "18.3.0-www-classic-b5ced452"; // This refers to a WWW module. var warningWWW = require("warning"); @@ -2368,6 +2368,7 @@ var startInlineScript = stringToPrecomputedChunk(""); var startScriptSrc = stringToPrecomputedChunk(''); /** @@ -2451,6 +2452,13 @@ function createResponseState$1( stringToChunk(escapeTextForBrowser(src)) ); + if (nonce) { + bootstrapChunks.push( + scriptNonce, + stringToChunk(escapeTextForBrowser(nonce)) + ); + } + if (integrity) { bootstrapChunks.push( scriptIntegirty, @@ -2477,6 +2485,13 @@ function createResponseState$1( stringToChunk(escapeTextForBrowser(_src)) ); + if (nonce) { + bootstrapChunks.push( + scriptNonce, + stringToChunk(escapeTextForBrowser(nonce)) + ); + } + if (_integrity) { bootstrapChunks.push( scriptIntegirty, @@ -2506,7 +2521,8 @@ function createResponseState$1( preconnectChunks: [], preloadChunks: [], hoistableChunks: [], - stylesToHoist: false + stylesToHoist: false, + nonce: nonce }; } // Constants for the insertion mode we're currently writing in. We don't encode all HTML5 insertion // modes. We only include the variants as they matter for the sake of our purposes. @@ -6186,7 +6202,7 @@ function writePreamble( var _responseState$extern = responseState.externalRuntimeConfig, src = _responseState$extern.src, integrity = _responseState$extern.integrity; - internalPreinitScript(resources, src, integrity); + internalPreinitScript(resources, src, integrity, responseState.nonce); } var htmlChunks = responseState.htmlChunks; @@ -7412,7 +7428,7 @@ function preinit(href, options) { // conform to the types because no user input is being passed in. It also assumes that it is being called as // part of a work or flush loop and therefore does not need to request Fizz to flush Resources. -function internalPreinitScript(resources, src, integrity) { +function internalPreinitScript(resources, src, integrity, nonce) { var key = getResourceKey("script", src); var resource = resources.scriptsMap.get(key); @@ -7428,7 +7444,8 @@ function internalPreinitScript(resources, src, integrity) { pushScriptImpl(resource.chunks, { async: true, src: src, - integrity: integrity + integrity: integrity, + nonce: nonce }); } @@ -7618,6 +7635,7 @@ function createResponseState( preloadChunks: responseState.preloadChunks, hoistableChunks: responseState.hoistableChunks, stylesToHoist: responseState.stylesToHoist, + nonce: responseState.nonce, // This is an extra field for the legacy renderer generateStaticMarkup: generateStaticMarkup }; diff --git a/compiled/facebook-www/ReactDOMServer-dev.modern.js b/compiled/facebook-www/ReactDOMServer-dev.modern.js index 39a27f75f6110..9f2027e8a2f4f 100644 --- a/compiled/facebook-www/ReactDOMServer-dev.modern.js +++ b/compiled/facebook-www/ReactDOMServer-dev.modern.js @@ -19,7 +19,7 @@ if (__DEV__) { var React = require("react"); var ReactDOM = require("react-dom"); -var ReactVersion = "18.3.0-www-modern-b7ba1a13"; +var ReactVersion = "18.3.0-www-modern-ccf9e22e"; // This refers to a WWW module. var warningWWW = require("warning"); @@ -2368,6 +2368,7 @@ var startInlineScript = stringToPrecomputedChunk(""); var startScriptSrc = stringToPrecomputedChunk(''); /** @@ -2451,6 +2452,13 @@ function createResponseState$1( stringToChunk(escapeTextForBrowser(src)) ); + if (nonce) { + bootstrapChunks.push( + scriptNonce, + stringToChunk(escapeTextForBrowser(nonce)) + ); + } + if (integrity) { bootstrapChunks.push( scriptIntegirty, @@ -2477,6 +2485,13 @@ function createResponseState$1( stringToChunk(escapeTextForBrowser(_src)) ); + if (nonce) { + bootstrapChunks.push( + scriptNonce, + stringToChunk(escapeTextForBrowser(nonce)) + ); + } + if (_integrity) { bootstrapChunks.push( scriptIntegirty, @@ -2506,7 +2521,8 @@ function createResponseState$1( preconnectChunks: [], preloadChunks: [], hoistableChunks: [], - stylesToHoist: false + stylesToHoist: false, + nonce: nonce }; } // Constants for the insertion mode we're currently writing in. We don't encode all HTML5 insertion // modes. We only include the variants as they matter for the sake of our purposes. @@ -6186,7 +6202,7 @@ function writePreamble( var _responseState$extern = responseState.externalRuntimeConfig, src = _responseState$extern.src, integrity = _responseState$extern.integrity; - internalPreinitScript(resources, src, integrity); + internalPreinitScript(resources, src, integrity, responseState.nonce); } var htmlChunks = responseState.htmlChunks; @@ -7412,7 +7428,7 @@ function preinit(href, options) { // conform to the types because no user input is being passed in. It also assumes that it is being called as // part of a work or flush loop and therefore does not need to request Fizz to flush Resources. -function internalPreinitScript(resources, src, integrity) { +function internalPreinitScript(resources, src, integrity, nonce) { var key = getResourceKey("script", src); var resource = resources.scriptsMap.get(key); @@ -7428,7 +7444,8 @@ function internalPreinitScript(resources, src, integrity) { pushScriptImpl(resource.chunks, { async: true, src: src, - integrity: integrity + integrity: integrity, + nonce: nonce }); } @@ -7618,6 +7635,7 @@ function createResponseState( preloadChunks: responseState.preloadChunks, hoistableChunks: responseState.hoistableChunks, stylesToHoist: responseState.stylesToHoist, + nonce: responseState.nonce, // This is an extra field for the legacy renderer generateStaticMarkup: generateStaticMarkup }; diff --git a/compiled/facebook-www/ReactDOMServer-prod.classic.js b/compiled/facebook-www/ReactDOMServer-prod.classic.js index c6ef083a994e0..af43872ebf42e 100644 --- a/compiled/facebook-www/ReactDOMServer-prod.classic.js +++ b/compiled/facebook-www/ReactDOMServer-prod.classic.js @@ -1627,7 +1627,8 @@ function writePreamble( internalPreinitScript( resources, willFlushAllSegments.src, - willFlushAllSegments.integrity + willFlushAllSegments.integrity, + responseState.nonce )); willFlushAllSegments = responseState.htmlChunks; var headChunks = responseState.headChunks, @@ -2078,7 +2079,7 @@ function preinit(href, options) { } } } -function internalPreinitScript(resources, src, integrity) { +function internalPreinitScript(resources, src, integrity, nonce) { var key = "[script]" + src, resource = resources.scriptsMap.get(key); resource || @@ -2088,7 +2089,8 @@ function internalPreinitScript(resources, src, integrity) { pushScriptImpl(resource.chunks, { async: !0, src: src, - integrity: integrity + integrity: integrity, + nonce: nonce })); } function preloadAsStylePropsFromProps(href, props) { @@ -2139,6 +2141,7 @@ function createResponseState( preloadChunks: [], hoistableChunks: [], stylesToHoist: !1, + nonce: void 0, generateStaticMarkup: generateStaticMarkup }; } @@ -3974,4 +3977,4 @@ exports.renderToString = function (children, options) { 'The server used "renderToString" which does not support Suspense. If you intended for this Suspense boundary to render the fallback content on the server consider throwing an Error somewhere within the Suspense boundary. If you intended to have the server wait for the suspended component please switch to "renderToReadableStream" which supports Suspense on the server' ); }; -exports.version = "18.3.0-www-classic-dcd0808f"; +exports.version = "18.3.0-www-classic-62223ba6"; diff --git a/compiled/facebook-www/ReactDOMServer-prod.modern.js b/compiled/facebook-www/ReactDOMServer-prod.modern.js index 47717988b9857..054932509d06d 100644 --- a/compiled/facebook-www/ReactDOMServer-prod.modern.js +++ b/compiled/facebook-www/ReactDOMServer-prod.modern.js @@ -1625,7 +1625,8 @@ function writePreamble( internalPreinitScript( resources, willFlushAllSegments.src, - willFlushAllSegments.integrity + willFlushAllSegments.integrity, + responseState.nonce )); willFlushAllSegments = responseState.htmlChunks; var headChunks = responseState.headChunks, @@ -2076,7 +2077,7 @@ function preinit(href, options) { } } } -function internalPreinitScript(resources, src, integrity) { +function internalPreinitScript(resources, src, integrity, nonce) { var key = "[script]" + src, resource = resources.scriptsMap.get(key); resource || @@ -2086,7 +2087,8 @@ function internalPreinitScript(resources, src, integrity) { pushScriptImpl(resource.chunks, { async: !0, src: src, - integrity: integrity + integrity: integrity, + nonce: nonce })); } function preloadAsStylePropsFromProps(href, props) { @@ -2137,6 +2139,7 @@ function createResponseState( preloadChunks: [], hoistableChunks: [], stylesToHoist: !1, + nonce: void 0, generateStaticMarkup: generateStaticMarkup }; } @@ -3871,4 +3874,4 @@ exports.renderToString = function (children, options) { 'The server used "renderToString" which does not support Suspense. If you intended for this Suspense boundary to render the fallback content on the server consider throwing an Error somewhere within the Suspense boundary. If you intended to have the server wait for the suspended component please switch to "renderToReadableStream" which supports Suspense on the server' ); }; -exports.version = "18.3.0-www-modern-9c1f7368"; +exports.version = "18.3.0-www-modern-6b28dd6e"; diff --git a/compiled/facebook-www/ReactDOMServerStreaming-dev.modern.js b/compiled/facebook-www/ReactDOMServerStreaming-dev.modern.js index 40fb3d403de98..2cd60c2238e15 100644 --- a/compiled/facebook-www/ReactDOMServerStreaming-dev.modern.js +++ b/compiled/facebook-www/ReactDOMServerStreaming-dev.modern.js @@ -2365,6 +2365,7 @@ var startInlineScript = stringToPrecomputedChunk(""); var startScriptSrc = stringToPrecomputedChunk(''); /** @@ -2448,6 +2449,13 @@ function createResponseState( stringToChunk(escapeTextForBrowser(src)) ); + if (nonce) { + bootstrapChunks.push( + scriptNonce, + stringToChunk(escapeTextForBrowser(nonce)) + ); + } + if (integrity) { bootstrapChunks.push( scriptIntegirty, @@ -2474,6 +2482,13 @@ function createResponseState( stringToChunk(escapeTextForBrowser(_src)) ); + if (nonce) { + bootstrapChunks.push( + scriptNonce, + stringToChunk(escapeTextForBrowser(nonce)) + ); + } + if (_integrity) { bootstrapChunks.push( scriptIntegirty, @@ -2503,7 +2518,8 @@ function createResponseState( preconnectChunks: [], preloadChunks: [], hoistableChunks: [], - stylesToHoist: false + stylesToHoist: false, + nonce: nonce }; } // Constants for the insertion mode we're currently writing in. We don't encode all HTML5 insertion // modes. We only include the variants as they matter for the sake of our purposes. @@ -6193,7 +6209,7 @@ function writePreamble( var _responseState$extern = responseState.externalRuntimeConfig, src = _responseState$extern.src, integrity = _responseState$extern.integrity; - internalPreinitScript(resources, src, integrity); + internalPreinitScript(resources, src, integrity, responseState.nonce); } var htmlChunks = responseState.htmlChunks; @@ -7419,7 +7435,7 @@ function preinit(href, options) { // conform to the types because no user input is being passed in. It also assumes that it is being called as // part of a work or flush loop and therefore does not need to request Fizz to flush Resources. -function internalPreinitScript(resources, src, integrity) { +function internalPreinitScript(resources, src, integrity, nonce) { var key = getResourceKey("script", src); var resource = resources.scriptsMap.get(key); @@ -7435,7 +7451,8 @@ function internalPreinitScript(resources, src, integrity) { pushScriptImpl(resource.chunks, { async: true, src: src, - integrity: integrity + integrity: integrity, + nonce: nonce }); } diff --git a/compiled/facebook-www/ReactDOMServerStreaming-prod.modern.js b/compiled/facebook-www/ReactDOMServerStreaming-prod.modern.js index 902ed56a3587b..d73c382349b68 100644 --- a/compiled/facebook-www/ReactDOMServerStreaming-prod.modern.js +++ b/compiled/facebook-www/ReactDOMServerStreaming-prod.modern.js @@ -1656,7 +1656,8 @@ function writePreamble( internalPreinitScript( resources, willFlushAllSegments.src, - willFlushAllSegments.integrity + willFlushAllSegments.integrity, + responseState.nonce )); willFlushAllSegments = responseState.htmlChunks; var headChunks = responseState.headChunks, @@ -2128,7 +2129,7 @@ function preinit(href, options) { } } } -function internalPreinitScript(resources, src, integrity) { +function internalPreinitScript(resources, src, integrity, nonce) { var key = "[script]" + src, resource = resources.scriptsMap.get(key); resource || @@ -2138,7 +2139,8 @@ function internalPreinitScript(resources, src, integrity) { pushScriptImpl(resource.chunks, { async: !0, src: src, - integrity: integrity + integrity: integrity, + nonce: nonce })); } function preloadAsStylePropsFromProps(href, props) { @@ -3878,7 +3880,8 @@ exports.renderToStream = function (children, options) { preconnectChunks: [], preloadChunks: [], hoistableChunks: [], - stylesToHoist: !1 + stylesToHoist: !1, + nonce: void 0 }; bootstrapModules = createFormatContext(0, null, !1); externalRuntimeDesc = options ? options.progressiveChunkSize : void 0;