search

plone / Products.CMFPlone

The core of the Plone content management system
https://plone.org
GNU General Public License v2.0
246 stars 187 forks source link

CSS/JS overriding through z3c.jbot doesn't work anymore #3698

Open laulaz opened 1 year ago

laulaz commented 1 year ago

What I did:

We had a JS override in our product, using z3c.jbot. The purpose was to override plone.gallery/browser/static/dist/spotlight.bundle.js which is registered in portal resources.

We have defined an overrides folder, containing the file plone.gallery.browser.static.dist.spotlight.bundle.js.

It was working great in Plone 6.0.0a3

What actually happened:

In Plone 6.0.0rc2, our script tag became :

<script integrity="sha384-8jyzRkopDwSSyhtsYo9JACJLt5QdBL84pdU093DhJSddosrxdM1p/aA8eNHuorRt" 
        src="http://localhost:8080/Plone/++webresource++50cfa2cd-62c3-55b6-91c5-3bf2ebf95b1a/++plone++plone.gallery/dist/spotlight.bundle.js"></script>

The override is not working anymore, because of the sha384 integrity check on the resource :

This results in an error in browser console & blocking of the resource :

Failed to find a valid digest in the 'integrity' attribute for resource
'http://localhost:8080/Plone/++webresource++50cfa2cd-62c3-55b6-91c5-3bf2ebf95b1a/++plone++plone.gallery/dist/spotlight.bundle.js'
with computed SHA-384 integrity 'yPaxu0gKuzasDzxpGkpggvjdjc7EtQYAiy5CHiwac8qidY2I6CZQfpuJwAgCSG2w'.
The resource has been blocked.

What version of Plone/ Addons I am using:

Plone 6.0.0rc2

Does anyone else has this problem ? Maybe overriding resources like this should not be done anymore ?

petschki commented 1 year ago

Why not use the resource registry directly: (untested!)

  1. copy the bundle you want to override to your package resource directory (eg. ++resource++my.theme/override-bundle.js)
  2. register it in RR with the ID from the original bundle: 
    <records
prefix="plone.bundles/original-bundle-id"
interface='Products.CMFPlone.interfaces.IBundleRegistry'>
<value key="enabled">True</value>
<value key="depends"></value>
<value key="load_async">False</value>
<value key="load_defer">False</value>
<value key="jscompilation">++resource++my.theme/override-bundle.js</value>
<value key="csscompilation"></value>
</records>

note: make sure the original registration is loaded before your package registration

laulaz commented 1 year ago

@petschki thank you for your answer 🙏 Of course we can do that (and we did in our customer project, we transformed the override into a custom owned bundle).

With this issue, I just wanted to point out that there is (IMHO) a usecase regression for z3c.jbot.

yurj commented 1 year ago

Maybe it is because it is no longer using resources_overrides?

I'm unable to create something here: https://6-classic.demo.plone.org/portal_resources/resource_overrides/manage_main

using the RR control panel, so I think you cannot override it anymore with z3c.jbot.

jensens commented 1 year ago

is this still valid?

laulaz commented 1 year ago

@jensens unfortunately yes, still valid (tested on Plone 6.0.2)