Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(plugin-legacy): avoid executing blank dynamic import #4767

Merged
merged 1 commit into from
Sep 1, 2021
Merged

fix(plugin-legacy): avoid executing blank dynamic import #4767

merged 1 commit into from
Sep 1, 2021

Conversation

nulladdict
Copy link
Contributor

Description

Fix for CSP issue described in #4568

Additional context


What is the purpose of this pull request?

  • Bug fix
  • New Feature
  • Documentation update
  • Other

Before submitting the PR, please make sure you do the following

  • Read the Contributing Guidelines.
  • Read the Pull Request Guidelines and follow the Commit Convention.
  • Check that there isn't already a PR that solves the problem the same way to avoid creating a duplicate.
  • Provide a description in this PR that addresses what the PR is solving, or reference the issue that it solves (e.g. fixes #123).
  • Ideally, include relevant tests that fail without this PR but pass with it.

Copy link
Contributor

@tjk tjk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you remove the additional CSP hash and the references to it please?

@nulladdict
Copy link
Contributor Author

Additional hash is for the dynamicFallbackInlineCode script, which checks for dynamic import support, prints the warning and loads the legacy bundle if necessary

@tjk
Copy link
Contributor

tjk commented Aug 27, 2021

Oh woops... for some reason I thought that empty string was one of the hashes. My mistake...

patak-dev
patak-dev previously approved these changes Aug 27, 2021
@patak-dev
Copy link
Member

Thanks @nulladdict, great that this fixes the issue and we don't have to do something hackier. Any reason the PR is a draft?

@nulladdict
Copy link
Contributor Author

Yes, I wanted to check everything once more, and I found a problem. The new banner code is completely gone from the modern bundle.

It's probably optimized away by the rollup as "dead code", since the expression doesn't do anything and has no observable side effects. I tried change around the way code looks, but couldn’t make the code stay. One thing that worked is naming the function and exporting it, but that still doesn’t feel right.

I know rollup has /*@__PURE__*/ annotation, but I don't know if something like @preserve annotation exists.

@patak-dev
Copy link
Member

Yes, I wanted to check everything once more, and I found a problem. The new banner code is completely gone from the modern bundle.

Oh... fun 😄

It's probably optimized away by the rollup as "dead code", since the expression doesn't do anything and has no observable side effects. I tried change around the way code looks, but couldn’t make the code stay. One thing that worked is naming the function and exporting it, but that still doesn’t feel right.

We could console.log the function + some text, but I think that exporting it is even less intrusive. I don't see a problem doing that with a name like __vite_legacy_guard. I think we should try that.

Importing `data:` uri doesn't pass strict CSP
Export `__vite_legacy_guard` to keep rollup from removing it

Closes #4568
@Shinigami92 Shinigami92 added plugin: legacy p3-minor-bug An edge case that only affects very specific usage (priority) labels Aug 30, 2021
@nulladdict
Copy link
Contributor Author

I searched around a bit for other ways of preserving unused code, but haven't found any good alternatives. I'm not sure how safe it is to go the export route, but it looks like it might be the least intrusive way

@nulladdict nulladdict marked this pull request as ready for review August 30, 2021 08:46
@patak-dev patak-dev merged commit de71408 into vitejs:main Sep 1, 2021
@tjk
Copy link
Contributor

tjk commented Sep 1, 2021

Hm, this actually breaks the SSR build --

$ vite build --ssr src/entry-server.ts --outDir dist/ssr

~/dist/ssr/entry-server.js:36
export function __vite_legacy_guard() {
^^^^^^

SyntaxError: Unexpected token 'export'
    at wrapSafe (internal/modules/cjs/loader.js:984:16)
    at Module._compile (internal/modules/cjs/loader.js:1032:27)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1097:10)
    at Module.load (internal/modules/cjs/loader.js:933:32)
    at Function.Module._load (internal/modules/cjs/loader.js:774:14)
    at Module.require (internal/modules/cjs/loader.js:957:19)
    at require (internal/modules/cjs/helpers.js:88:18)
    at Module._compile (internal/modules/cjs/loader.js:1068:30)

@patak-dev
Copy link
Member

But this was added only to the modern esmodule. Why is this present in entry-server.js? @tjk could you create a new issue for this? PR ideas are welcome, we can revert if not until we better understand the issue.

@tjk
Copy link
Contributor

tjk commented Sep 1, 2021

@patak-js #4818

aleclarson pushed a commit to aleclarson/vite that referenced this pull request Nov 8, 2021
mfo pushed a commit to demarches-simplifiees/demarches-simplifiees.fr that referenced this pull request Jun 30, 2022
mfo pushed a commit to demarches-simplifiees/demarches-simplifiees.fr that referenced this pull request Jun 30, 2022
mfo pushed a commit to demarches-simplifiees/demarches-simplifiees.fr that referenced this pull request Jun 30, 2022
mfo pushed a commit to demarches-simplifiees/demarches-simplifiees.fr that referenced this pull request Jul 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
p3-minor-bug An edge case that only affects very specific usage (priority) plugin: legacy
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants