Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

missing crossorigin tag (#56 needs more work ?) #184

Open
udf2457 opened this issue Jul 3, 2022 · 10 comments
Open

missing crossorigin tag (#56 needs more work ?) #184

udf2457 opened this issue Jul 3, 2022 · 10 comments

Comments

@udf2457
Copy link

udf2457 commented Jul 3, 2022
edited

("symfony/webpack-encore-bundle": "^1.14",)

I am using encore_entry_link_tags() and encore_entry_script_tags() in my templates.

crossorigin: 'anonymous has been enabled in config/packages/webpack_encore.yaml

The behaviour I am seeing is that crossorigin="anonymous" is only being added to the<script> tags and not the <link> tags. As a result JS loads ok, but CSS fails with CRS headers.

crossorigin is supported for <link> tags and should therefore be implemented.

(Tag #42 #55 #56 )
@udf2457
Copy link
Author

udf2457 commented Jul 5, 2022
edited

There's definitely something fishy going on here.

I don't know enough about Symfony details, so I just did a very crude test.

I edited vendor/symfony/webpack-encore-bundle/src/Asset/TagRenderer.php and inserted the following (after $attributes = array_merge in both instances):

            echo "LINK".PHP_EOL;
            print_r($this->defaultAttributes);
            print_r($this->defaultLinkAttributes);
	    echo "SCRIPT".PHP_EOL;
            print_r($this->defaultAttributes);
            print_r($this->defaultScriptAttributes);

The result was clear, crossorigin is completely missing from the link array:

                    LINK
Array
(
)
Array
(
)

But present on script:

Array
(
    [defer] => 1
    [crossorigin] => anonymous
)

I also note that @PhilETaylor test files only covered script tag and did not test link.

@Lyrkan

@Lyrkan
Copy link
Contributor

Lyrkan commented Jul 5, 2022

Hi @udf2457,

I did some tests on my end and I'm getting the crossorigin attribute for both <script> and <link> tags.
Would you be able to share a project that shows the issue?

@udf2457
Copy link
Author

udf2457 commented Jul 5, 2022

Hi @Lyrkan ,

What version of PHP ? I'm on 8.1.7 on Debian.

I will look into seeing what I can do to share a project.

@udf2457
Copy link
Author

udf2457 commented Jul 5, 2022
edited

Hi @Lyrkan

I've posted code up to a private repo and added you for access.

Had to be private because I pulled my code off my internal server and so although I think I've cleaned up certain confidential references there's always that little possibility of having missed anything .

I couldn't think of another way to do it, because AFAIK codesandbox wouldn't really work with the yarn/composer dependencies (or at least it would take me too much time to learn how to do it).

The content in there is basically the files changed since I first installed symfony for this project and so hopefully covers everything you'd want to look at without dumping too much extra noise !

Thanks !

@Lyrkan
Copy link
Contributor

Lyrkan commented Jul 5, 2022

@udf2457 Thanks for the repro, I think there is an issue in your webpack_encore.yaml file: you put the crossorigin option under script_attributes... which only applies to <script> tags.

Try moving crossorigin: 'anonymous' directly under webpack_encore, it should enable it globally.

@udf2457
Copy link
Author

udf2457 commented Jul 5, 2022
edited

@Lyrkan That worked, thanks. I appreciate the second pair of eyes !

Although to be fair its not entirely my fault, I only commented out that line which was already there. The comment above it does kind of encourage people to just do that:

If using Encore.enableIntegrityHashes() and need the crossorigin attribute (default: false, or use 'anonymous' or 'use-credentials')

Maybe those two lines should be shifted higher by default ?

@Lyrkan
Copy link
Contributor

Lyrkan commented Jul 5, 2022

Maybe those two lines should be shifted higher by default ?

Hm, I don't see any issue with the last version of the recipe: https://github.com/symfony/recipes/blob/main/symfony/webpack-encore-bundle/1.10/config/packages/webpack_encore.yaml

Was it different when you created your project?

@udf2457
Copy link
Author

udf2457 commented Jul 5, 2022

@Lyrkan To be clearer, based on the answer you provided to my problem, and which subsequently solved my problem by implementing as you described, this is what I am suggesting:

symfony/recipes#1106

Otherwise, people (like me) will just uncomment that line and expect link to show crossorigin when infact it never will unless, like you said, that line is higher up.

@udf2457 udf2457 mentioned this issue Jul 5, 2022
Closed
@udf2457
Copy link
Author

udf2457 commented Jul 5, 2022
edited

Also this comment (located just above script_attributes) needs to change too, since it is inherently not true:

Set attributes that will be rendered on all script and link tags

https://github.com/symfony/recipes/blob/873d9cf36aa2d8fc0211a358bb0e03ef090d83c1/symfony/webpack-encore-bundle/1.10/config/packages/webpack_encore.yaml#L7

@Lyrkan
Copy link
Contributor

Lyrkan commented Jul 5, 2022

unless, like you said, that line is higher up

That's not what I said though, I was talking about the indentation, not the line (which doesn't matter).
With the current version of the recipe it should work if you uncomment crossorigin: 'anonymous' (i.e. remove the # and the following space).

What your file looked like:
image

What it should have been:
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Lyrkan @udf2457