RequireJS & Subresource Integrity (SRI) - requirejs

Does anybody know how to set up Subresource Integrity (SRI) attributes for the JS URLs that are located in the 'paths' area of the config file in RequireJS?
RequireJS say on their website that it supports SRI, but I can't find any information out there on how to implement it.

Related

How to enable cross origin isolation? (the specifics)

I am hosting a website using 1and1 (ionos), and it is serving a HTML page with imported CSS and JS. I am trying to figure out how to enable cross origin isolation, but all I can find is that we need to enable certain response headers: https://web.dev/cross-origin-isolation-guide/.
Specifically in these instructions:
What does it mean to set a header on a top-level document? How does one accomplish this? I have done plenty of searching but have not found details on how to create/enable these response headers.
I need to do this in order to use SharedArrayBuffer in Firefox.

Http cache for symfony

I want to follow Google's directive in terms of cache headers for images, scripts and styles.
After reading symfony's documentation about http cache, I decided to install FOSHttpCacheBundle. The I set up rules for path like ^/Resources/ or ^/css/. I then fail to see it the proper headers for my images using Chrome's console.
Alternatively, I have read that, since my server is handling the resource, this is not Symfony that deals with this matter (yet I read in the doc that Symfony Proxy was good for shared-hosting servers, which is what I have).
So should I just add lines to my .htaccess as explained in here, or am I simply misusing FOSHttpCacheBundle? (Or both.)
Static files (including javascript files, CSS stylesheets, images, fonts...) are served directly by the web server. As the PHP module is not even loaded for such files, you must configure the server to set proper HTTP headers. You can do it using a .htaccess file if you use Apache but doing it directly in httpd.conf/apache2.conf/vhost conf (depending of your configuration) will be better from a performance point of view.
If you also want want to set HTTP cache headers for dynamic content (HTML generated by Symfony...), then you must use FosHttpCache or any other method provided by Symfonny such as the #Cache annotation.

module for html to file caching

Is there module for html to file caching. For example every time on request url /abc it searchs file /abc in cache folder and if found read it to string var and then
res.send (htmlFromCache);
And on every request end it write html to cache folder. So hard pages can be loaded only one time and then load fast from file cache.
What express does by default is caching the rendering function for a given view template (if you are passing NODE_ENV=production, of course). I know a module that may help you improve your web site performance by adding etags to dynamically generated content.
Have a look at this module: https://github.com/lloyd/connect-etagify
There is also this article available https://hacks.mozilla.org/2013/02/fantastic-front-end-performance-in-node-part-2-a-node-js-holiday-season-part-6/ where you will find a much deeper explanation and wether this fits your use case or not!

What are the express equivalents to Rails' asset pipeline and asset paths

I'm looking to solve two problems:
Rewriting URLs in production to use a CDN URL instead of the original domain name
Concatenation and minification of client side JS and CSS
There seems to be a few options for for achieving the latter, for example asset-smasher. However I'm finding it hard to find a good solution for rewriting images and other assets. Any libraries out there to help?
Thanks!

ExpressionEngine access via both http and https

We have an ExpressionEngine site we’re accessing via both http and https. Our users get security warnings from IE when accessing via https because some assets are accessed insecurely (CSS and images referenced there, in this case).
This happens when the setting ‘General Config -> URL to the root directory of your site’ includes the http:// protocol identifier (With that field blank, set just to the site domain [example.com], or set without a protocol [//example.com/], we encounter other problems, so those are not really an option). The problematic URLs are, of course, those generated with {path=} or {stylesheet=} in the templates.
Is there a good way to get all assets delivered via the same protocol as the page?
Thanks,
Scott
It's because EE variables don't detect or utilise https by default, so you have to set them in code. The easiest way is to use an add-on:
http://devot-ee.com/add-ons/https-support
http://devot-ee.com/add-ons/dm-force-ssl
http://devot-ee.com/add-ons/force-ssl (commercial)
(In no particular order) I've not used any of these so can't recommend a specific one as I use my own plugin.
Do you need to include the root URL? Often times I'll set the root URL of a site to just '/'.
Another option would be to manually include those assets (not using path or style helpers).
If a URL is realtive it will automatically inherit the current protocol.
You can detect the protocol with PHP and set it dynamically in your system/expressionengine/config/config.php file. I use something like this:
$protocol = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? "https://" : "http://";
$base_url = $protocol . $_SERVER['HTTP_HOST'];
$config['base_url'] = $base_url . "/";
You can build your theme paths, various image paths, upload paths, etc all from that basis in config.php. But $config['site_url'] is what affects the output of {path=""} and {stylesheet} tags.
For more information, see NSM's Config Bootstrap file or the article Configuring ExpressionEngine for multiple servers. For all the paths you can set in config.php, see EE2 Config Overrides

Resources