Skip to content

support subresource integrity for bootstrapScripts and bootstrapModules #25104

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 17, 2022
Merged

support subresource integrity for bootstrapScripts and bootstrapModules #25104

merged 1 commit into from
Aug 17, 2022

Conversation

gnoff
Copy link
Collaborator

@gnoff gnoff commented Aug 16, 2022

This change adds support for subresource integrity on bootstrapScripts and bootstrapModules.

if you provide an object like { src: string, integrity?: string } in either bootstrap option it will escape and emit the integrity value (if provided) in the integrity attribute of the script tag.

@gnoff gnoff requested a review from sebmarkbage August 16, 2022 17:55
@sizebot
Copy link

sizebot commented Aug 16, 2022
edited
Loading

Comparing: 6ef466c...6aaf498

Critical size changes

Includes critical production bundles, as well as any change greater than 2%:

Name +/- Base Current +/- gzip Base gzip Current gzip
oss-stable/react-dom/cjs/react-dom.production.min.js = 134.28 kB 134.28 kB = 42.94 kB 42.94 kB
oss-experimental/react-dom/cjs/react-dom.production.min.js = 140.35 kB 140.35 kB = 44.74 kB 44.74 kB
facebook-www/ReactDOM-prod.classic.js = 474.44 kB 474.44 kB = 84.87 kB 84.88 kB
facebook-www/ReactDOM-prod.modern.js = 459.68 kB 459.68 kB = 82.63 kB 82.63 kB
facebook-www/ReactDOMForked-prod.classic.js = 474.44 kB 474.44 kB = 84.88 kB 84.88 kB

Significant size changes

Includes any change greater than 0.2%:

Expand to show
Name +/- Base Current +/- gzip Base gzip Current gzip
facebook-www/ReactDOMServerStreaming-prod.modern.js +1.04% 84.74 kB 85.62 kB +0.72% 17.78 kB 17.91 kB
oss-stable-semver/react-dom/umd/react-dom-server.browser.production.min.js +0.64% 36.20 kB 36.43 kB +0.55% 12.57 kB 12.64 kB
oss-stable/react-dom/umd/react-dom-server.browser.production.min.js +0.63% 36.23 kB 36.46 kB +0.54% 12.59 kB 12.66 kB
oss-stable-semver/react-dom/cjs/react-dom-server.browser.production.min.js +0.63% 36.10 kB 36.33 kB +0.65% 12.43 kB 12.51 kB
oss-stable/react-dom/cjs/react-dom-server.browser.production.min.js +0.63% 36.12 kB 36.35 kB +0.64% 12.45 kB 12.53 kB
oss-experimental/react-dom/cjs/react-dom-static.browser.production.min.js +0.63% 36.57 kB 36.80 kB +0.62% 12.62 kB 12.70 kB
oss-experimental/react-dom/cjs/react-dom-server.browser.production.min.js +0.62% 36.69 kB 36.92 kB +0.61% 12.67 kB 12.74 kB
oss-experimental/react-dom/umd/react-dom-server.browser.production.min.js +0.62% 36.79 kB 37.02 kB +0.43% 12.78 kB 12.83 kB
oss-stable-semver/react-dom/cjs/react-dom-server.node.production.min.js +0.56% 39.64 kB 39.86 kB +0.50% 13.47 kB 13.54 kB
oss-stable/react-dom/cjs/react-dom-server.node.production.min.js +0.55% 39.66 kB 39.88 kB +0.50% 13.50 kB 13.56 kB
oss-experimental/react-dom/cjs/react-dom-static.node.production.min.js +0.55% 40.25 kB 40.47 kB +0.50% 13.73 kB 13.79 kB
oss-experimental/react-dom/cjs/react-dom-server.node.production.min.js +0.55% 40.28 kB 40.50 kB +0.52% 13.72 kB 13.80 kB
facebook-www/ReactDOMServerStreaming-dev.modern.js +0.35% 249.38 kB 250.26 kB +0.27% 59.22 kB 59.38 kB
facebook-www/ReactDOMServer-dev.modern.js +0.35% 253.80 kB 254.68 kB +0.25% 60.24 kB 60.39 kB
facebook-www/ReactDOMServer-dev.classic.js +0.34% 260.45 kB 261.34 kB +0.25% 61.65 kB 61.80 kB
oss-stable-semver/react-dom/cjs/react-dom-server.browser.development.js +0.33% 246.47 kB 247.27 kB +0.24% 59.73 kB 59.88 kB
oss-stable/react-dom/cjs/react-dom-server.browser.development.js +0.33% 246.49 kB 247.30 kB +0.24% 59.76 kB 59.90 kB
oss-stable-semver/react-dom/cjs/react-dom-server-legacy.browser.development.js +0.32% 247.46 kB 248.26 kB +0.27% 59.59 kB 59.74 kB
oss-stable/react-dom/cjs/react-dom-server-legacy.browser.development.js +0.32% 247.48 kB 248.28 kB +0.26% 59.61 kB 59.77 kB
oss-experimental/react-dom/cjs/react-dom-static.browser.development.js +0.32% 247.54 kB 248.34 kB +0.24% 59.98 kB 60.13 kB
oss-stable-semver/react-dom/cjs/react-dom-server.node.development.js +0.32% 247.71 kB 248.51 kB +0.25% 59.65 kB 59.80 kB
oss-stable/react-dom/cjs/react-dom-server.node.development.js +0.32% 247.73 kB 248.54 kB +0.25% 59.67 kB 59.82 kB
oss-experimental/react-dom/cjs/react-dom-server.browser.development.js +0.32% 248.23 kB 249.04 kB +0.25% 60.18 kB 60.33 kB
oss-stable-semver/react-dom/umd/react-dom-server.browser.development.js +0.32% 258.51 kB 259.35 kB +0.25% 60.42 kB 60.58 kB
oss-stable/react-dom/umd/react-dom-server.browser.development.js +0.32% 258.54 kB 259.37 kB +0.25% 60.45 kB 60.60 kB
oss-stable-semver/react-dom/cjs/react-dom-server-legacy.node.development.js +0.32% 249.16 kB 249.97 kB +0.25% 60.05 kB 60.21 kB
oss-stable/react-dom/cjs/react-dom-server-legacy.node.development.js +0.32% 249.19 kB 249.99 kB +0.25% 60.08 kB 60.23 kB
oss-experimental/react-dom/cjs/react-dom-server-legacy.browser.development.js +0.32% 249.22 kB 250.03 kB +0.26% 60.04 kB 60.19 kB
oss-experimental/react-dom/cjs/react-dom-static.node.development.js +0.32% 249.43 kB 250.24 kB +0.24% 60.19 kB 60.34 kB
oss-experimental/react-dom/cjs/react-dom-server.node.development.js +0.32% 249.47 kB 250.28 kB +0.24% 60.09 kB 60.24 kB
oss-stable-semver/react-dom/umd/react-dom-server-legacy.browser.development.js +0.32% 259.52 kB 260.36 kB +0.26% 60.31 kB 60.46 kB
oss-stable/react-dom/umd/react-dom-server-legacy.browser.development.js +0.32% 259.54 kB 260.38 kB +0.26% 60.33 kB 60.48 kB
oss-experimental/react-dom/umd/react-dom-server.browser.development.js +0.32% 260.38 kB 261.22 kB +0.24% 60.86 kB 61.00 kB
oss-experimental/react-dom/cjs/react-dom-server-legacy.node.development.js +0.32% 250.93 kB 251.73 kB +0.26% 60.51 kB 60.66 kB
oss-experimental/react-dom/umd/react-dom-server-legacy.browser.development.js +0.32% 261.39 kB 262.22 kB +0.26% 60.73 kB 60.89 kB

Generated by 🚫 dangerJS against 6aaf498

@gnoff gnoff merged commit 1e5245d into facebook:main Aug 17, 2022
@gnoff gnoff deleted the fizz-sri branch August 17, 2022 07:31
Biki-das added a commit to Biki-das/react-1 that referenced this pull request Aug 18, 2022
@Biki-das
Revert "support subresource integrity for bootstrapScripts and bootst…
931d7de 
…rapModules (facebook#25104)"

This reverts commit 1e5245d.
@Biki-das Biki-das mentioned this pull request Aug 18, 2022
Closed
GrinZero added a commit to GrinZero/react that referenced this pull request Aug 31, 2022
@GrinZero
Merge branch 'main' of ssh://github.com/GrinZero/react
ca0bdeb 
* 'main' of ssh://github.com/GrinZero/react: (26 commits)
  [devtools][easy] Fix flow type (facebook#25147)
  Remove Symbol Polyfill (again) (facebook#25144)
  Remove ReactFiberFlags MountLayoutDev and MountPassiveDev (facebook#25091)
  experimental_use(promise) (facebook#25084)
  [Transition Tracing] onMarkerIncomplete - Tracing Marker/Suspense Boundary Deletions (facebook#24885)
  [Flight] Add support for Webpack Async Modules (facebook#25138)
  Fix typo: supportsMicrotask -> supportsMicrotasks (facebook#25142)
  Allow functions to be used as module references (facebook#25137)
  Test the node-register hooks in unit tests (facebook#25132)
  Return closestInstance in `getInspectorDataForViewAtPoint` (facebook#25118)
  [DevTools] Highlight RN elements on hover (facebook#25106)
  Update fixtures/flight to webpack 5 (facebook#25115)
  Align StrictMode behaviour with production (facebook#25049)
  Scaffolding for useMemoCache hook (facebook#25123)
  devtools: Fix typo from directores to directories (facebook#25124)
  fixture: Fix typo from perfomrance to performance (facebook#25100)
  [DevTools] Add events necessary for click to inspect on RN (facebook#25111)
  Add missing createServerContext for experimental shared subset (facebook#25114)
  support subresource integrity for bootstrapScripts and bootstrapModules (facebook#25104)
  make preamble and postamble types explicit and fix typo (facebook#25102)
  ...
rickhanlonii pushed a commit that referenced this pull request Oct 6, 2022
@gnoff @rickhanlonii
support subresource integrity for bootstrapScripts and bootstrapModul…
360a6c4 
…es (#25104)
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@sebmarkbage sebmarkbage sebmarkbage approved these changes

Assignees
No one assigned
Labels
CLA Signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@gnoff @sizebot @sebmarkbage @facebook-github-bot