Seckit seckitGetJsCssNoscriptCode hijacks js aggregation files.

Created on 19 April 2024, 8 months ago

Problem/Motivation

Recently Drupal introduced CSS and JavaScript aggregation performance improvements β†’ . Which completely change the game: browser will make a call to fetch js file, and if it doesn't exists it will generate it instead of throwing 404(as it was in previous Drupal versions).

Seckit is use onKernelResponse event subscriber to inject seckitJsCssNoscript protection and it is triggered on every Drupal response that contains newly generated JS aggregation file, and this potentially can lead to the JS errors on the page in if js contains </head> tag.

Steps to reproduce

  • Install Drupal 10.1.0 or higher.
  • Install seckit module
  • Enable JS aggregation
  • Include JS file that will contain closing tag via theme or module
  • Clear drupal cache
  • Navigate to the page and open console that will show error message

Proposed resolution

Do not include seckitJsCssNoscript logic for the system.js_asset route.

Remaining tasks

  • Do we need to exclude the whole seckit logic or just seckitJsCssNoscript?
  • Should we do the same for the system.css_asset?
πŸ› Bug report
Status

Active

Version

2.0

Component

Code

Created by

πŸ‡ΊπŸ‡¦Ukraine bahbka Dnipro

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Production build 0.71.5 2024