Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proposal: asset function #4268

Closed
nfisher opened this issue Jan 12, 2018 · 3 comments
Closed

Proposal: asset function #4268

nfisher opened this issue Jan 12, 2018 · 3 comments
Labels
Outdated Stale

Comments

@nfisher
Copy link

nfisher commented Jan 12, 2018
edited
Loading

It would be nice if there were a function that managed external assets providing the following signature;

script  DEST INC_SRI IMMUTABLE [ATTR] SRC...
style  DEST INC_SRI IMMUTABLE [ATTR] SRC...

The arguments are as follows;

  • DEST (string) - base URL relative path.
  • INC_SRI (boolean) - adds integrity tag with SHA256 sum.
  • IMMUTABLE (boolean) - adds BASE62(SHA256 sum) as a postfix of the filename prior to the extension.
  • ATTR - is a map which adds html additional attributes to the tag.
  • SRC ([]string) - source path for the file(s), multiple will be concatenated.

This would enable the following things;

  1. Allow the use of Content-Security-Policy: require-sri-for script style.
  2. Fix issues with CDN's that don't cache resources with query params.
  3. Allow the assets to be referenced as immutable or at least a very long cache time.
  4. Simplify cache busting with one function (e.g. no need to use sha256 and readFile).
  5. For pages that are cached the static assets can be made permanently available.

Example Scenario

Given the user provides the following template sequence:
  {{ script "/js/postman.js", true, true, "static/js/bootstrap.js" }}
When it is processed
Then it should copy the source to the destination folder as named
And it should generate the following tag in the HTML:
  <script type="text/javascript" 
               src="/js/postman-3PVPh0f01T2hWni0XcU5x0jU8Kqdgb64v1avoKGC4G2O.js" 
               integrity="sha256-3vw5dArBhZ2OJ4XtRzIIQJYn6Hrd1fePLeqsuToS1R0="></script>

See #621 for discussion on cache-busting.
@moorereason
Copy link
Contributor

Please don't put multiple issues into one GH issue. Rewrite this issue to focus on SRI.

The cache busting enhancement request is #621.

@nfisher nfisher mentioned this issue Jan 12, 2018
Closed
@nfisher nfisher changed the title Enhancement: Cache busting and SRI for media assets Enhancement: asset function Jan 13, 2018
@nfisher nfisher changed the title Enhancement: asset function Proposal: asset function Jan 13, 2018
@nfisher nfisher mentioned this issue Jan 15, 2018
Closed
@bep bep mentioned this issue Feb 5, 2018
Closed
@stale
Copy link

stale bot commented May 15, 2018

This issue has been automatically marked as stale because it has not had recent activity. The resources of the Hugo team are limited, and so we are asking for your help.
If this is a bug and you can still reproduce this error on the master branch, please reply with all of the information you have about it in order to keep the issue open.
If this is a feature request, and you feel that it is still relevant and valuable, please tell us why.
This issue will automatically be closed in the near future if no further activity occurs. Thank you for all your contributions.

@stale stale bot added the Stale label May 15, 2018
@stale stale bot closed this as completed Jun 14, 2018
@github-actions
Copy link

github-actions bot commented Mar 2, 2022

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 2, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Outdated Stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nfisher @moorereason