webjars / jquery


Mismatch with CDN #50

Closed wkaczurba closed 6 years ago

wkaczurba commented 6 years ago

Hi.

I noticed that the CDN's jquery.min.js and the webjar's jquery.min.js have different SRIs, which led me to find that they have different content. Here are some more details on how to replicate:

https://stackoverflow.com/questions/48820493/webjars-3-3-1-jquery-min-js-different-from-cdns-3-3-1-jquery-min-js-mismatchin

Any ideas/comments?

Cheers Vito

jamesward commented 6 years ago

Historically we've modified the jquery.min.js to include reference to the map:

//# sourceMappingURL=jquery.min.map

And since we pull files that have version numbers in the names, but then remove the versions, we update the jquery.min.map file to reference the version-less filename.

I'm not sure what the latest is with providing source mapping info to the browser. Maybe we no longer need to add that. For the jquery.min.map maybe we should pull from https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js instead of http://code.jquery.com/jquery-3.3.1.min.js but is that cloudflare location the right place to pull from? Where do they get their versionless files from?

wkaczurba commented 6 years ago

Hi James,

Both https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js and http://code.jquery.com/jquery-3.3.1.min.js have the same content. My problem is with the additional line in webjars' jQuery, as it leads to a different SRI.

In my dev I use Thymeleaf templates in the following manner:

<script th:src="@{/webjars/tether/1.4.3/dist/js/tether.min.js}" src="https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.3/js/tether.min.js" integrity="sha256-mIiWebTG82x+OcV3vUA49ffGDIAJ53uC9jflw5/+REs=" crossorigin="anonymous"></script>

Now I cannot use the above for jQuery, as the SRIs are different for webjars' jQuery and the CDN's jQuery. Thymeleaf does not have a th:integrity attribute that would override the normal (CDN's) integrity attribute when running in Spring Boot. This forced me to rely only on the CDN's version (no webjars) as below:

<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"
 integrity="sha384-tsQFqpEReu7ZLhBV2VZlAu7zcOV+rXbYlF2cqB8txI/8aZajjp4Bqd+V6D5IgvKT" crossorigin="anonymous"></script>

jamesward commented 6 years ago

I'm releasing 3.3.1-1 with the plain cloudflare sources. We'll see if this causes any issues. For possible future reference, here is what jQuery says about source maps:

as of version 1.10.0/2.1.0 the compressed jQuery no longer includes the sourcemap comment in CDN copies because it requires the uncompressed file and sourcemap file to be placed at the same location as the compressed file. If you are maintaining local copies and can control the locations of all three files, you can add the sourcemap comment to the compressed file for easier debugging.
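
Added example, not part of the thread and not WebJars or jQuery code: a Python check that computes the SRI value of an upstream file and a repackaged copy and reports whether a mismatch comes only from an appended `sourceMappingURL` comment, the cause identified above. The sample bytes are constructed stand-ins, and the function names are hypothetical.

```python
import base64
import hashlib
import re

# Constructed stand-in for a minified library body (not real jQuery bytes).
UPSTREAM = b"/*! constructed sample */\n!function(){window.demo=1}();\n"
# The same bytes plus the source map reference that the repackaging appended.
REPACKAGED = UPSTREAM + b"//# sourceMappingURL=jquery.min.map\n"

# One trailing "//# sourceMappingURL=..." (or legacy "//@") comment line.
_MAP_COMMENT = re.compile(rb"\r?\n?//[#@] sourceMappingURL=\S+[ \t]*\r?\n?\Z")


def sri(data: bytes, alg: str = "sha384") -> str:
    """Return an integrity attribute value such as 'sha384-<base64 digest>'."""
    digest = hashlib.new(alg, data).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def strip_map_comment(data: bytes) -> bytes:
    """Drop one trailing sourceMappingURL comment, if present."""
    return _MAP_COMMENT.sub(b"", data, count=1)


def classify(upstream: bytes, local: bytes) -> str:
    """Say why a local copy does or does not match the upstream SRI."""
    if sri(upstream) == sri(local):
        return "match"
    # Compare the bodies with the comment and final line ending ignored.
    a = strip_map_comment(upstream).rstrip(b"\r\n")
    b = strip_map_comment(local).rstrip(b"\r\n")
    # Either way the browser rejects the file: SRI covers every served byte.
    return "sourcemap-comment-only" if a == b else "content-differs"


if __name__ == "__main__":
    print("upstream  ", sri(UPSTREAM))
    print("repackaged", sri(REPACKAGED))
    print("verdict   ", classify(UPSTREAM, REPACKAGED))
```

A `sourcemap-comment-only` verdict means the code is the same but the `integrity` value must still be computed over the bytes actually served; `content-differs` is the case to investigate.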