Disable sw-precache plugin's navigateFallback #3024
Conversation
|
Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please sign up at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need the corporate CLA signed. If you have received this in error or have any questions, please contact us at cla@fb.com. Thanks! |
|
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Facebook open source project. Thanks! |
| @@ -343,6 +343,10 @@ module.exports = { | |||
| navigateFallbackWhitelist: [/^(?!\/__).*/], | |||
| // Don't precache sourcemaps (they're large) and build asset manifest: | |||
| staticFileGlobsIgnorePatterns: [/\.map$/, /asset-manifest\.json$/], | |||
| // Precache files in public/, and allow them to be accessed directly | |||
| staticFileGlobs: ['./public/**/*'], | |||
There was a problem hiding this comment.
What is it resolving this path against?
There was a problem hiding this comment.
i've swapped this out for paths.appPublic in the latest commit
| @@ -343,6 +343,10 @@ module.exports = { | |||
| navigateFallbackWhitelist: [/^(?!\/__).*/], | |||
| // Don't precache sourcemaps (they're large) and build asset manifest: | |||
| staticFileGlobsIgnorePatterns: [/\.map$/, /asset-manifest\.json$/], | |||
| // Precache files in public/, and allow them to be accessed directly | |||
| staticFileGlobs: [paths.appPublic + '/**/*'], | |||
There was a problem hiding this comment.
can we whitelist the extension here? I usually have .htaccess and index.php in public folder, will it also download these files?
There was a problem hiding this comment.
the .htaccess will not, because it won't be picked up by the glob.
it will try to download the index.php, the result of which will depend on the configuration of your server.
this highlights something that might surprise a user just as much as them being unable to access their public/ files:
anything you put in public/ will now be precached during the first load.
depending on what people are doing in their public/ folder, this could have alarming consequences.
There was a problem hiding this comment.
in my own use case i've favoured navigate ignoring requests which appear to have file extensions.
but this is not ideal either, because we can't know what routes the user wants to handle in their app.
i think the least surprising behaviour would be for everything in public/ to be ignored by navigateFallback.
the configuration for navigateFallback is, however, an array of RegExps called navigateFallbackWhitelist
the code would be bizarre, and could result in quite a long list of RegExps for the service worker to match against for every request.
like, you'd be setting the whitelist to something like:
navigateFallbackWhitelist:
filesInPublic.map(path =>
RegExp('^(?!' + path + ').*$')
)
which is not ideal.
the dream would be if there were a navigateFallbackBlacklist.
@jeffposnick mentioned here that that was planned for a future library
There was a problem hiding this comment.
(actually that wouldn't even work because it is checked with whitelist.some. so everything would pass one of the regexen.)
this might:
navigateFallbackWhitelist: [ '(?!' + filesInPublic.join('|') + ').*$' ]though it would still falsly match lol.md5 if there was a file called lol.md in public.
not ideal.
negative regex is hard
There was a problem hiding this comment.
how about just whitelist it for now?
staticFileGlobs: ['js', 'css', 'json', 'html', 'svg', 'otf', 'ttf'].map(ext => paths.appPublic + '/**/*.' + ext),
will it navigate correctly?
There was a problem hiding this comment.
ah, the non-whitelisted extensions would still not be able to be accessed... navigateFallbackBlacklist would be ideal...
There was a problem hiding this comment.
plus we'd be making a decision as to what files would be accessible and viewable in browser for the user, which may be quite surprising. (ie: how come i could visit my data.json but not my data.txt, how come view image in new tab doesn't work for .gifs)
@jeffposnick would you consider a PR on sw-precache adding a navigateFallbackBlacklist, with a default of [] that returned early if url matches any of its items?
however, switching to such a blacklist would mean there'd be no way of doing what this PR would do in its current state, which is getting something into precache that isn't required in the js.
@viankakrisna what is your expected behaviour for that index.php in public/? it surely isn't currently working once the service worker has installed?
There was a problem hiding this comment.
@chee mainly for injecting initial data and user agent redirects. i want to send server generated markup for bots. It would still work for initial request and bots (afaik no bots will install sw right?).
There was a problem hiding this comment.
ah that makes sense.
so if there was a fallback blacklist then it would behave the same as it does now for you, but with this pull request a user would be needlessly caching the result of your index.php running
There was a problem hiding this comment.
Yeah, and i thought it would cache the contents of index.php. Thanks for clearing that up!
|
i'm going to leave this open as it was what @jeffposnick suggested, but i'm personally going to favour building this way i don't have to eject but i still get to control this part of my application. there's something to be said for writing about this in the README.md, as it looks like the desire for more control of the service worker is a considerable force in the issues and pull requests open now on this repository, and it only takes a few moments to set it up. it's optional configuration without ejection if the defaults don't fit your application's needs, and is more in line with adding further code or libraries to your application than abandoning the simplicity of |
|
Using While testing out the service worker behavior, you'll often find yourselves navigation to a |
|
actual users may well right click and try to view an image in a new tab, however, which is disabled in a surprising manner by this (unless the image was included in the javascript, which maybe that's the only supported way). with my blog (which was from where i came across this), i let people look at the original markdown source of my posts by appending i don't feel entirely comfortable with making the presumption that users probably don't want to navigate to most of the files in |
Beware that files in /public are redirected by service worker to index.html Means that https://webhooks.integrations.costlocker.com/favicon.ico is accessible on in anonymous window :) facebook/create-react-app#2894 (comment) facebook/create-react-app#3024 (comment)
https://fakturoid.integrations.costlocker.com/api/redirect?project=52375&billing=NEW&amount=78600 https://user-images.githubusercontent.com/7994022/30257989-ed274944-96b5-11e7-99b2-34274efd01c9.png service worker swallows requests... facebook/create-react-app#2894 (comment) facebook/create-react-app#3024 (comment)
|
I feel like the It might be a good idea to move forward with that and then, if needed, adjust the pattern to be more or less restrictive if there's feedback post-deployment? |
|
Hello! I'm a bot that helps facilitate testing pull requests. Your pull request (commit 60145f9) has been released on npm for testing purposes. npm i react-scripts-dangerous@1.0.13-60145f9.0
# or
yarn add react-scripts-dangerous@1.0.13-60145f9.0
# or
create-react-app --scripts-version=react-scripts-dangerous@1.0.13-60145f9.0 folder/Note that the package has not been reviewed or vetted by the maintainers. Only install it at your own risk! Thanks for your contribution! |
|
@jeffposnick i'm with you on that. here's a commit |
|
Hello! I'm a bot that helps facilitate testing pull requests. Your pull request (commit f2b3fa3) has been released on npm for testing purposes. npm i react-scripts-dangerous@1.0.13-f2b3fa3.0
# or
yarn add react-scripts-dangerous@1.0.13-f2b3fa3.0
# or
create-react-app --scripts-version=react-scripts-dangerous@1.0.13-f2b3fa3.0 folder/Note that the package has not been reviewed or vetted by the maintainers. Only install it at your own risk! Thanks for your contribution! |
|
Just to be clear here, this changes the behavior to only cache Do requests for other files in |
|
This change will lead to only Navigating to any of those Requesting any of the other files in (The one wrinkle here is that if someone navigates directly to a URL corresponding to a non- |
|
@Timer as @jeffposnick says: non- i think the behaviour is a little surprising, but after quite a bit of discussion i can't see any simple universal approach that isn't surprising. the least surprising would probably be for the items in without such a blacklist available at present, this approach, while still full of surprises (like if someone right clicks a non-precached image from it also, i'm now noting, doesn't really close or fix the two issues mentioned in the initial pr description (#3008, #2894) anymore, so i've removed that line from the text. |
The flip side is that if you use As @chee says, determining what's least surprising is something of a judgment call. |
|
@jeffposnick that's so true it's very subjective. here's a new issue where it was suprising again but different: #3174 that wouldn't be fixed by this PR but would be solved by the previous version which cached everything. and it wouldn't be fixed at all by my preference of blacklisting everything in v subjective. |
does this also true for requests using fetch / xhr? |
|
@viankakrisna @jeffposnick i'm not missing any other cases am i? |
|
here is another example for somebody surprised by the current behaviour #3171 none of the solutions come up with so far would help them, other than a configurable whitelist/blacklist. |
|
I'm starting to think that ditching |
|
@jeffposnick that seems pretty good. maybe some documentation would be in order, or a blog post, for how uncomplicated it is to create an sw-precache service worker to suit your needs without the need to eject. for now i am going to update this pull request to disable navigateFallback altogether. i will also rename the PR, and put the references to #3008, #2894 back into the opening post because it goes back to fixing them again once that change is made. |
|
@goldhand how do you feel about the approach of disabling |
|
@jeffposnick do you think we should still precache their |
chee
changed the title
|
Hello! I'm a bot that helps facilitate testing pull requests. Your pull request (commit 30ba746) has been released on npm for testing purposes. npm i react-scripts-dangerous@1.0.13-30ba746.0
# or
yarn add react-scripts-dangerous@1.0.13-30ba746.0
# or
create-react-app --scripts-version=react-scripts-dangerous@1.0.13-30ba746.0 folder/Note that the package has not been reviewed or vetted by the maintainers. Only install it at your own risk! Thanks for your contribution! |
|
thanks robot |
|
this has been obsoleted by @jeffposnick's pull request at #3419 thank you for your support and patience |
closes #3008