Closed liefke closed 3 months ago
By the way, I'd guess that the current Push implementation is even the root cause for #5391, at least on Firefox.
This is part of the spec: https://jakarta.ee/specifications/faces/4.0/jakarta-faces-4.0#a457
If running on a container that supports Jakarta Servlet 4.0 or later, after any dynamic component manipulations have been completed, any resources that have been added to the UIViewRoot, such as scripts, images, or stylesheets, and any inline images, must be pushed to the client using the Jakarta Servlet Server Push API. All of the pushes must be started before any of the HTML of the response is rendered to the client.
So removing is not an option. However, you're right that it should not have pushed commandlinks let alone external resources. The implementation is indeed incorrect in this regard.
Thanks for fixing this.
But the reference to the spec is only half the truth - as you could deal with the issue in the next release of the spec. I guess that you understand the argument of the wasted bandwidth and that HTTP/2 Push is a dead end.
Nevertheless I still think, that encodeResourceURL
is the wrong place for initiating the push, as the method could be called for any resource, not only for resources that have been added to the UIViewRoot (as required by the spec).
Fair point.
Describe the bug
When a browser and server with HTTP/2 Push support is used (like FireFox and WildFly), all URLs referenced by an
<h:outputLink value="...">
are pushed to the client, which leads to premature requests for these resources.To Reproduce
Steps to reproduce the behavior:
Create a webapp with this index.xhtml:
Turn on the access log of your server (I used WildFly 31.0.1.Final for testing).
Start the server and deploy the webapp
Open your webapp in the current Firefox 123.0.1 using HTTPS (to trigger usage of HTTP/2)
Check the access logs.
You will find the following:
As you can see, each outputLink is "prefetched" by Firefox, even the external URL.
In combination with some redirects in my application I even managed (unintentionally) to produce an endless loop of requests.
Expected behavior
I only see one request for "/" in the access log, nothing else.
Versions
Workarounds
Turn off HTTP/2 Push in your server, example for the standalone.xml in WildFly:
Or create an
ExternalContext
wrapper in your application and overwriteencodeResourceURL
:Analysis
I would never expect a HTTP/2 Push for URLs of a
h:commandLink
. If necessary at all, JSF should only push resources ofh:graphicImage
and should not useExternalContextImpl.encodeResourceUrl
for that purpose, as the push is an unexpected side effect of a call to that method. In addition evenh:graphicImage
should check, if the URL is an external URL.Nevertheless I would remove HTTP/2 Push support from JSF at all, see the quote here: