Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
When we moved to declaring all the dependencies explicitly that was to avoid any script being added to the page while it didn't belong.
Right now going to the empty frontpage as anon will not have any JS but it will have JS settings added to the page as well.
Comment | File | Size | Author |
---|---|---|---|
#5 | fix_no_js_anon-2120117-5.patch | 2.06 KB | Wim Leers |
#5 | interdiff.txt | 2.05 KB | Wim Leers |
#3 | fix_no_js_anon-2120117-3.patch | 2.05 KB | Wim Leers |
#2 | core-js-drupalSettings-busted-2120117-2.patch | 1.15 KB | nod_ |
Comments
Comment #1
nod_#1991684: Node history markers (comment & node "new" indicator, "x new comments" links) forces render caching to be per user introduced the regression.
Because something is added to the settings array that and do so through drupal_add_js(), the settings array will be added. It doesn't make sense to use a library for the settings here.
It's not too bad since drupalSettings depends on nothing but it still makes the browser run the JS thing for a page that shouldn't need it.
Comment #2
nod_For settings we should use alter since we're able to check if there actually are settings for the page.
Comment #3
Wim LeersSo I helped fix it and now I broke it! :( Ironic, isn't it?
I'm afraid the patch is quite wrong and badly breaks things: the structure of
$javascript
inhook_js_alter()
is not quite what one would expect! I fixed that.Also: that's not the only cause for JS to show up for anonymous users: the
drupal.node-new-comments-link
is also inappropriately added for anonymous users! Fixed that too.Finally: the check for
$javascript['settings']
is now clearly documented, so that others may understand it too without having to understand every part of the system.Let's prevent this from ever happening again: #2120457: Add test to guarantee that the Standard profile does not load any JavaScript for anonymous users on critical pages.
Comment #5
Wim LeersOops, uploaded the interdiff as the patch. Let's do that better now.
Comment #6
nod_Can't you add the permission for anon to comment as well, the isAuthenticated() might get in the way?
Comment #7
Wim Leers#6: history module does not have any permissions; since all anonymous users in Drupal have the same user ID, there's no way to keep track of what they have and haven't read. So: no.
Comment #8
nod_Right it's not for posting a new comment, my bad.
Comment #9
nod_aannnd after testing, that works.
Comment #10
nod_postponed #2120457: Add test to guarantee that the Standard profile does not load any JavaScript for anonymous users on critical pages on this one.
Comment #11
catchCommitted/pushed to 8.x, thanks!
Let's get that test in quick as well so this doesn't happen again :p
Comment #12
Wim LeersIndeed :D