-
-
Notifications
You must be signed in to change notification settings - Fork 8.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Webpack 5 and webpack-subresource-integrity compatibility #10826
Comments
improve compat for MainTemplate runtime hooks fixes #10826
I'll fix that in the compat layer, so the plugin should work (with deprecation warnings) without change. |
Thanks, but we already have a |
To fix it properly attach all information shared between runtime modules to the |
Interesting, but if RuntimeModule is in a different chunk, how is that chunk loaded? I'm asking because it will also need to be loaded with SRI. Are you talking about a hypothetical future Webpack release or is this something that is possible with version 5? |
This e. g. happens for HMR updates. When you add a chunk the runtime module with the chunk mapping need to be updated. So the HMR chunk would contain the updated RuntimeModule (e. g. here the JsonpChunkLoadingRuntimeModule). Technically this could happen for all RuntimeModules. When they are in the HMR chunk they won't share the scope with the original runtime chunk. We also would like to have the option to lazy load runtime modules. This is not used yet, but would also cause non-shared scopes. That's why you should use |
webpack 4 didn't have the ability to put runtime code into HMR chunks. This causes bugs if the add chunks and chunks use something else than |
I see, thanks for the explanation. I'm guessing attaching to |
Best use a prefix like webpack itself often uses single letter properties, so avoid these.
I don't think that's necessary. You would have to use a named symbol anyway, which would be global too^^ |
Oh, good point.. ha! Ok, I'm going to give that a try and let you know., can't see why it wouldn't work. |
This works nicely! There's one minor snag: it seems we also need to hook into the Alternatively, if there was a new type of hook called for every inserted |
@sokra we're now using a hash in I'm assuming you're not making any guarantees that the key will keep using this format, so I would like to turn this into something less brittle as soon as possible. I suppose we could also use Could you advise, please? I believe the cleanest solution would be if |
Hi, our plugin works by creating a map from chunk ID to integrity value, adding that map as a constant into the JSONP template and adding code to set the
integrity
attribute on each injected script and link tag by looking up the chunk ID in that map.I suppose this has always been a hack but it used to work fine up until Webpack 5 beta 9. In more recent beta versions there is the following problem from our plugin's perspective:
The code for generating script and link preload tags now lives in separate closures, which means that if we add the variable containing the map from chunk ID to integrity in one of the templates, it isn't visible from the other.
I've tried finding a workaround and there are various hacks we could do, but I think the best solution is to add a new hook that would let us inject code into the template around where
var installedChunks
is defined. Unless I'm missing another way of doing this cleanly, would you consider adding a hook like this?The text was updated successfully, but these errors were encountered: