Skip to content

Commit

Permalink
Revert #301 Add SRI
Browse files Browse the repository at this point in the history
This is a manual revert, as the PR could not be reverted automatically.
We're reverting this PR because there is a bug in the SRI implementation
of Firefox versions upto 52 which at time of writing accounts for 0.7% of
total traffic (~315k users).  We still want to implement SRI, but for now
we're holding off until we'd impact fewer users.
  • Loading branch information
h-lame committed May 22, 2017
1 parent 931fec1 commit 0d309f1
Show file tree
Hide file tree
Showing 13 changed files with 4 additions and 197 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
# Development

- Revert SRI to avoid breaking the site for Firefox users on versions less than 52 [PR #308](https://github.com/alphagov/govuk_template/pull/301)

# 0.21.0

- Adds SRI to js and css assets ([PR #301](https://github.com/alphagov/govuk_template/pull/301)). This requires `sprockets-rails` >= 3.0 in the projects using this gem.
Expand Down
51 changes: 0 additions & 51 deletions build_tools/compiler/template_processor.rb
Original file line number Diff line number Diff line change
@@ -1,10 +1,7 @@
require 'erb'
require 'active_support/core_ext/hash'
require 'active_support/core_ext/array'

module Compiler
class TemplateProcessor

def initialize(file)
@file = file
@is_stylesheet = !!(file =~ /\.css\.erb\z/)
Expand Down Expand Up @@ -41,53 +38,5 @@ def asset_path(file, options={})
def method_missing(name, *args)
puts "#{name} #{args.inspect}"
end

def stylesheet_link_tag(*sources)
options = exclude_sri_fields(sources.extract_options!)
sources.uniq.map { |source|
link_options = {
"rel" => "stylesheet",
"media" => "screen",
"href" => asset_path(source)
}.merge!(options)
tag(:link, tag_options(link_options))
}.join("\n")
end

def javascript_include_tag(*sources)
options = exclude_sri_fields(sources.extract_options!)
sources.uniq.map { |source|
script_options = {
"src" => asset_path(source)
}.merge!(options)
content_tag(:script, tag_options(script_options))
}.join("\n")
end

def exclude_sri_fields(options)
options.stringify_keys.except("integrity", "crossorigin")
end

def content_tag(name, options = nil)
"<#{name}#{options}></#{name}>"
end

def tag(name, options)
"<#{name}#{options}/>"
end

def tag_options(options)
return if options.empty?
output = "".dup
sep = " "
options.each_pair do |key, value|
if !value.nil?
output << sep
output << %(#{key}="#{value}")
end
end
output unless output.empty?
end

end
end
17 changes: 0 additions & 17 deletions docs/using-with-rails.md
Original file line number Diff line number Diff line change
Expand Up @@ -38,20 +38,3 @@ Or to add content to `<head>`, for stylesheets or similar:
```

Check out the [full list of blocks](template-blocks.md) you can use to customise the template.

## SRI

`govuk_template` >= 20.0.0 can be used together with `sprockets-rails` >= 3.0.0 in order to make use of the SRI

You can read more about SRI [here](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity).

SRI will add an `integrity` attribute on your script tags:

`<script src="https://example.com/example.css"
integrity="sha384oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8w"
crossorigin="anonymous"></script>`

The example above is generated automatically by sprockets-rails in your project if the integrity option is set to true:

`<%= stylesheet_script_tag 'example', integrity: true %>`

2 changes: 0 additions & 2 deletions spec/build_tools/compiler/django_processor_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,6 @@ def valid_sections
let(:file) {"some/file.erb"}
subject {described_class.new(file)}

it_behaves_like "a processor"

describe "#handle_yield" do
valid_sections.each do |key, content|
it "should render #{content} for #{key}" do
Expand Down
2 changes: 0 additions & 2 deletions spec/build_tools/compiler/ejs_processor_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,6 @@ def valid_sections
let(:file) {"some/file.erb"}
subject {described_class.new(file)}

it_behaves_like "a processor"

describe "#handle_yield" do
valid_sections.each do |key, content|
it "should render #{content} for #{key}" do
Expand Down
2 changes: 0 additions & 2 deletions spec/build_tools/compiler/jinja_processor_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,6 @@ def valid_sections
let(:file) {"some/file.erb"}
subject {described_class.new(file)}

it_behaves_like "a processor"

describe "#handle_yield" do
valid_sections.each do |key, content|
it "should render #{content} for #{key}" do
Expand Down
11 changes: 0 additions & 11 deletions spec/build_tools/compiler/liquid_processor_spec.rb

This file was deleted.

11 changes: 0 additions & 11 deletions spec/build_tools/compiler/mustache_inheritance_processor_spec.rb

This file was deleted.

2 changes: 0 additions & 2 deletions spec/build_tools/compiler/mustache_processor_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,6 @@ def valid_sections
let(:file) {"some/file.erb"}
subject {described_class.new(file)}

it_behaves_like "a processor"

describe "#handle_yield" do
valid_sections.each do |key, content|
it "should render #{content} for #{key}" do
Expand Down
11 changes: 0 additions & 11 deletions spec/build_tools/compiler/plain_processor_spec.rb

This file was deleted.

2 changes: 0 additions & 2 deletions spec/build_tools/compiler/play_processor_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -34,8 +34,6 @@ def expected_parameter_names
describe Compiler::PlayProcessor do
subject { described_class.new("dummy filename") }

it_behaves_like "a processor"

describe "top_of_page" do
it "declares all of the template parameters" do
expected_parameter_names.each do |parameter_name|
Expand Down
80 changes: 0 additions & 80 deletions spec/support/examples/processor.rb

This file was deleted.

6 changes: 0 additions & 6 deletions spec/support/uses_of_yield.rb
Original file line number Diff line number Diff line change
Expand Up @@ -32,12 +32,6 @@ def asset_path(*args)
def method_missing(name, *args)
puts "#{name} #{args.inspect}"
end

def stylesheet_link_tag(*sources)
end

def javascript_include_tag(*sources)
end
end

# return an array of unique values passed to yield in the templates
Expand Down

0 comments on commit 0d309f1

Please sign in to comment.