Generate integrity hash for scripts/link tags on the index. #442
Conversation
|
This is very cool. We should note in our documentation and the changelog the browser support https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity#Browser_compatibility (not supported in IE. partial support in Edge, not sure what that means) |
|
@chriddyp I tested from ie11 and edge, it loaded, I think it just ignore the attribute. |
|
Tagging this as dash 2.0 as it breaks old versions of dcc that did not have the same plotly.js files. It's a nice feature, but not essential. |
dash/_utils.py
Outdated
|
|
||
| @functools.wraps(func) | ||
| def wrapper(*args, **kwargs): | ||
| key = hash((args, frozenset(kwargs))) |
There was a problem hiding this comment.
should this be hash((args, frozenset(kwargs.keys()), frozenset(kwargs.values()))?
frozenset(kwargs) gets a set of the keys, so function(1, 2, a=1) and function(1, 2, a=2) would produce the same hash.
There was a problem hiding this comment.
Good catch, the function it wraps doesn't have kwargs so it didn't impact it. I think frozenset(kwargs.items()) so the values and keys are grouped together in a tuple?
|
Yeah either one, it shouldn't matter for the hash
3. Nov 2018 11:06 by notifications@github.com <mailto:notifications@github.com>:
…
@T4rk1n> commented on this pull request.
In > dash/_utils.py <#442 (comment)>> :
> @@ -1,3 +1,24 @@+import functools+import hashlib+import base64+import pkgutil+++def memoize(func):+ results = {}++ @functools.wraps(func)+ def wrapper(*args, **kwargs):+ key = hash((args, frozenset(kwargs)))
Good catch, the function it wraps doesn't have kwargs so it didn't impact it. I think frozenset(kwargs.items()) so the values and keys are grouped together in a tuple?
—
You are receiving this because your review was requested.
Reply to this email directly, > view it on GitHub <#442 (comment)>> , or > mute the thread <https://github.com/notifications/unsubscribe-auth/AJy-LatroBxCjxBU25z9mfEyxRwpy4kMks5urbEPgaJpZM4YEj-r>> .
|
|
This has gotten stale - closing. Will likely need to be reimplemented if we pick this feature up again. |
…y#442) * 🎉 initial commit of dashTable R package * border is none if not define * test cases for css border overwrite bugs * edit CHANGELOG.md * Update CHANGELOG.md Co-Authored-By: Marc-André Rivet <Marc-Andre-Rivet@users.noreply.github.com> * Fix monorepo build (plotly#443) monorepo changes + shallow clone + v0/v1 clean up * Create FUNDING.yml * 📝 correct "dash green" to "dashed blue"
With Dash 2.0 on the horizon, has this feature been re-evaluated? It would give a lot more confidence if using third-party CDNs like unpkg. |
|
It's not on our roadmap ATM, but if anyone wants to tackle it we'd be happy to review a PR! |
|
@alexcjohnson Thanks for the response. Is the approach taken by this PR no longer feasible? It looks like a sensible approach. |
* 🎉 initial commit of dashTable R package * border is none if not define * test cases for css border overwrite bugs * edit CHANGELOG.md * Update CHANGELOG.md Co-Authored-By: Marc-André Rivet <Marc-Andre-Rivet@users.noreply.github.com> * Fix monorepo build (#443) monorepo changes + shallow clone + v0/v1 clean up * Create FUNDING.yml * 📝 correct "dash green" to "dashed blue"
integrityandcrossoriginattributes.As the version of plotly.js hosted locally and externally was not the same, this breaks dash-core-components Graph component.
The files hosted locally must be downloaded from the external source so they match 1:1. Same for the component libs bundles, do
npm publishfirst so you have the builds with theprepublishhook, then dopython setup.py sdistandtwine upload dist/*without rebuilding the bundles so they have the same hash, all version of dcc I tested had the right bundles, but it needs to be said somewhere.Closes #422