Rewrite for more accurate resource matching + add match warnings #68

Closed
opened 1 year ago by Kein · 10 comments
Kein commented 1 year ago

Consider the following:

https://ezchan.org/

This site uses resources that are not a part of localCDN, which is fine. What isnt fine is that it still serves other versions as if they are interchangeable. Sure, sometimes they are, but only sometimes As you can see serving higher versions of these frameworks break the site.

Now, I'm not expecting to support every single frameklwork verison, however, I think localCDN should have an optiopn for verbose mode where it reports on the pop-up dashboard that there is version mismatch and instead of a green counter make it yellow (orange?) so I can see at a glance what can be the issue.

I spent about 30 minuets trying to understand what exactly broke the site despite localCDN happily reporting that it served all resources locally.

Additional request:
Please add an option to add obscure framework versions esily. I went and collected all the required frameworks only to realize that the helper just fetches pre-defined version instead of what is available in resources:

  } else if (type.includes('/bootstrap.css/4.')) {
        return  '4.4.1';
**Consider the following:** https://ezchan.org/ This site uses resources that are not a part of localCDN, which is fine. What isnt fine is that it still serves other versions as if they are interchangeable. Sure, sometimes they are, but only sometimes As you can see serving higher versions of these frameworks break the site. Now, I'm not expecting to support every single frameklwork verison, however, I think localCDN should have an optiopn for `verbose` mode where it reports on the pop-up dashboard that there is version mismatch and instead of a green counter make it yellow (orange?) so I can see at a glance what can be the issue. I spent about 30 minuets trying to understand what exactly broke the site despite localCDN happily reporting that it served all resources locally. **Additional request:** Please add an option to add obscure framework versions esily. I went and collected all the required frameworks only to realize that the helper just fetches pre-defined version instead of what is available in resources: ```js } else if (type.includes('/bootstrap.css/4.')) { return '4.4.1'; ```
Owner

Thank you very much for your report and suggestion.

Normally I monitor the most popular frameworks for new updates. If there is an update, I will implement it as soon as possible.

https://ezchan.org/

The website uses the integrity and crossorigin attributes to include the framework. If I activate the HTML filter, everything is displayed correctly.

The HTML filter is not always possible, e.g. if the website uses a strict same-origin policy. In other cases it isn't recommended to use it, if the website is going to handle user input (e.g. databases) and does not use UTF-8 as charset. More information can be found in the Wiki: Broken JavaScript or CSS on some websites

Please try the HTML filter and then let me know if the website works as expected.

Thank you very much for your report and suggestion. Normally I monitor the most popular frameworks for new updates. If there is an update, I will implement it as soon as possible. > https://ezchan.org/ The website uses the integrity and crossorigin attributes to include the framework. If I activate the HTML filter, everything is displayed correctly. The HTML filter is not always possible, e.g. if the website uses a strict [same-origin policy](https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy). In other cases it isn't recommended to use it, if the website is going to handle user input (e.g. databases) and does not use UTF-8 as charset. More information can be found in the Wiki: [Broken JavaScript or CSS on some websites](https://codeberg.org/nobody/LocalCDN/wiki/Broken-JavaScript-or-CSS-on-some-websites) Please try the HTML filter and then let me know if the website works as expected.
Kein commented 1 year ago
Poster

If I activate the HTML filter, everything is displayed correctly.

There are obvious reasons I dont want to do that and they are related to security.
Skipping the rest of the issue I think:

I think localCDN should have an optiopn for verbose mode where it reports on the pop-up dashboard that there is version mismatch and instead of a green counter make it yellow (orange?) so I can see at a glance what can be the issue.

still would be useful.

> If I activate the HTML filter, everything is displayed correctly. There are obvious reasons I dont want to do that and they are related to security. Skipping the rest of the issue I think: > I think localCDN should have an optiopn for verbose mode where it reports on the pop-up dashboard that there is version mismatch and instead of a green counter make it yellow (orange?) so I can see at a glance what can be the issue. still would be useful.
Owner

There are obvious reasons I dont want to do that and they are related to security.

Hmm, I don't get it. These attributes force you to load the framework from a CDN. The integrity (the hash value of the file) is related to the file content. If the file changes (this happens when replacing versions), the check fails and the browser does not load the framework. The same applies to the crossorigin attribute. You can download the extension as an XPI file, unzip it and check the resources manually if you like. 😉

still would be useful.

Yes, think about that. The counter would then probably very often be orange instead green. A framework would be enough to change the color. Alternatively, in the popup but the user would have to open it to see it. 🤔

> There are obvious reasons I dont want to do that and they are related to security. Hmm, I don't get it. These attributes force you to load the framework from a CDN. The [integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) (the hash value of the file) is related to the file content. If the file changes (this happens when replacing versions), the check fails and the browser does not load the framework. The same applies to the [crossorigin](https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/crossorigin) attribute. You can download the extension as an XPI file, unzip it and check the resources manually if you like. :wink: > still would be useful. Yes, think about that. The counter would then probably very often be orange instead green. A framework would be enough to change the color. Alternatively, in the popup but the user would have to open it to see it. 🤔
Kein commented 1 year ago
Poster

The counter would then probably very often be orange instead green.

Make it only work if said "verbose" mode is enabled to avoid it being an new annoyance for existing users?

> The counter would then probably very often be orange instead green. Make it only work if said "verbose" mode is enabled to avoid it being an new annoyance for existing users?
Owner

What do you think about this:

Enable Dark Mode

What do you think about this: [<img src="https://www.localcdn.org/img/screenshots/screenshot9894.png" alt="Enable Dark Mode" width="200"/>](https://www.localcdn.org/img/screenshots/screenshot9894.png)
nobody added the
enhancement
label 1 year ago
Kein commented 1 year ago
Poster

Looks good, so if there is a version match it will display it as it is?

Looks good, so if there is a version match it will display it as it is?
Owner

@Kein

Looks good, so if there is a version match it will display it as it is?

The arrow stands for Upgrade. In the screenshot: WOW v1.1.2 has no arrow, so no upgrade.

Also, looking at your helper - have you tested how is Map performance? On Chromium 80+ it always faster to me.

The performance depends on many factors. Internet connection*, CPU, RAM, etc. The difference is minimal and hardly measurable. In the Helper class I have given a short comparison. It also depends on which and how many frameworks are included from a website. Of course there are also differences between the browsers, which does not necessarily have anything to do with an extension.

*) If you also compare CDN and Decentraleyes/LocalCDN

Chromium based browsers are normally not tested by me, because the browser doesn't support useful features, e.g. the replacement of Font Awesome or Google Material Icons.

@Kein >Looks good, so if there is a version match it will display it as it is? The arrow stands for Upgrade. In the screenshot: WOW v1.1.2 has no arrow, so no upgrade. >Also, looking at your `helper` - [have you tested how is Map performance](https://jsben.ch/o0UDx)? On Chromium 80+ it always faster to me. The performance depends on many factors. Internet connection*, CPU, RAM, etc. The difference is minimal and hardly measurable. In the Helper class I have given a short comparison. It also depends on which and how many frameworks are included from a website. Of course there are also differences between the browsers, which does not necessarily have anything to do with an extension. *) If you also compare CDN and Decentraleyes/LocalCDN Chromium based browsers are normally not tested by me, because the browser doesn't support useful features, e.g. the replacement of Font Awesome or Google Material Icons.
Kein commented 1 year ago
Poster

Fair enough.

Fair enough.
Owner

Implemented in v2.2.17

Implemented in v2.2.17
nobody closed this issue 1 year ago
Kein commented 1 year ago
Poster

image

This is not a big deal but an you use some common unicode or ANSI special chars here instead of some late additions?

![image](/attachments/d6b296bb-0c4e-40b6-bb14-be3f2f0dcbd0) This is not a big deal but an you use some common unicode or ANSI special chars here instead of some late additions?
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.