Skip to content

Add manifest data #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Add manifest data #1

wants to merge 1 commit into from

Conversation

@jkmassel
Copy link

@jkmassel jkmassel commented Mar 5, 2025

No description provided.

dcalhoun
dcalhoun reviewed Mar 6, 2025
View reviewed changes
block-editor-assets-endpoint.php
'scripts_html' => $scripts,
'scripts' => $script_urls,
'styles' => $style_urls,
'hash' => hash( 'sha256', join($script_urls) . join($style_urls) ),
Copy link
Member

@dcalhoun dcalhoun Mar 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WordPress allows inline scripts that do not have a src attribute. Should the hash instead rely upon the id attribute to ensure we account for all dependencies?I believe all dependencies have an id attributes—at least WP 5.5 and later.

Copy link
Author

@jkmassel jkmassel Mar 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we just hash the id attribute, the content could change within a script and we wouldn't detect it, right?

Whereas hopefully the URLs all contain their own hash of the contents of the file?

Inline scripts wouldn't invalidate the hash because we drop the scripts_html verbatim into the HTML page, so we should always have the latest version (we'd always need to validate the hash against what we already have before loading the editor, or if we can't reach the Internet, we'll proceed offline)

Copy link
Member

@dcalhoun dcalhoun Mar 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we just hash the id attribute, the content could change within a script and we wouldn't detect it, right?

Whereas hopefully the URLs all contain their own hash of the contents of the file?

Yeah, that's a good point. Using an id wouldn't be enough.

Inline scripts wouldn't invalidate the hash because we drop the scripts_html verbatim into the HTML page, so we should always have the latest version (we'd always need to validate the hash against what we already have before loading the editor, or if we can't reach the Internet, we'll proceed offline)

My worry related to a scenario where only an inline script changed. Presumably, in that context, the hash would not change, and we'd load a cached HTML file that includes outdated inline scripts. Is that incorrect?

block-editor-assets-endpoint.php
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_items' ),
'permission_callback' => array( $this, 'get_items_permissions_check' ),
'permission_callback' => '__return_true',
Copy link
Member

@dcalhoun dcalhoun Mar 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Friendly reminder that we should revert this before merging.

Copy link
Author

@jkmassel jkmassel Mar 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Heh yep!!

@dcalhoun dcalhoun mentioned this pull request Jun 20, 2025
Closed
3 tasks
@crazytonyli crazytonyli mentioned this pull request Jun 25, 2025
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dcalhoun dcalhoun dcalhoun left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jkmassel @dcalhoun