Problem/Motivation
Currently independent JS libraries (script loaded via its own SCRIPT tag) have the ability to add custom attributes to the tag and this is not the case for CSS libraries of the same type (scripts loaded via their own LINK tag).
# MODULE.libraries.yml or THEME.libraries.yml
bootstrap.cdn:
header: true
remote: https://github.com/twbs/bootstrap
version: '3.3.6'
license:
name: MIT
url: https://github.com/twbs/bootstrap/blob/master/LICENSE
gpl-compatible: true
css:
component:
'https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css': { type: external, attributes: { integrity: sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7, crossorigin: anonymous }, minified: true }
js:
'https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js': { type: external, attributes: { integrity: sha384-0mSbJDEHialfmuBBQP6A4Qrprq5OVfW37PRR3j5ELqxss1yVqOtnepnHVP9aJ7xS, crossorigin: anonymous }, minified: true }
dependencies:
- core/jquery
This would be helpful when including libraries like Bootstrap:
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
<!-- Optional theme -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css" integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r" crossorigin="anonymous">
<!-- Latest compiled and minified JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js" integrity="sha384-0mSbJDEHialfmuBBQP6A4Qrprq5OVfW37PRR3j5ELqxss1yVqOtnepnHVP9aJ7xS" crossorigin="anonymous"></script>
Proposed resolution
Add similar functionality to the CssCollectionRenderer class as implemented by the JsCollectionRenderer class.
Comment | File | Size | Author |
---|---|---|---|
#104 | 2716115-91.patch | 5.25 KB | alexpott |
#91 | 2716115-91.patch | 5.25 KB | gapple |
#91 | interdiff-2716115-91.txt | 669 bytes | gapple |
#78 | drupal-2716115-78-css-attributes.patch | 5.26 KB | gapple |
Comments
Comment #4
LittleCodingPatch is designed to work with 8.2.x+
Comment #6
LittleCodingComment #7
LittleCodingLet me report those patches as they did not get queued for testing.
Here is the patch for 8.3.x
Comment #8
LittleCodingPatch for 8.4.x
Comment #9
LittleCodingComment #12
LittleCodingComment #14
LittleCodingComment #15
LittleCodingComment #17
LittleCodingUpdated Category to better fit the issue.
Comment #19
cayriawill CreditAttribution: cayriawill as a volunteer commentedAdding relationship to another issue that is the same
Comment #20
LittleCodingComment #22
markhalliwellSetting back to CNW for tests.
Comment #23
markhalliwellThis related issue is the 7.x equivalent.
I've been working on #2851748: Secure sites by adding attributes "integrity" and "crossorigin" to CDN files and can confirm that attributes passed to JS already works:
However, CSS does not:
Comment #24
LittleCoding@markcarver are you confirming the issue still exists or are you identifying that the patch #14 no longer works?
Also thank you for the title update. Correct terms will help to get this noticed and accepted.
Comment #25
markhalliwellI'm confirming that the issue still exists in HEAD. I haven't actually tried or really reviewed the patch, yet.
I'm just adding this to the scope of issues that really needs to be resolved.
I'm half tempted to mark this as a task or even as a bug since this directly affects the ability (natively) to provide proper SRI values for external resources. Technically speaking though, this adds new [desired] functionality that previously wasn't possible... so I suppose I'll leave it as a feature request; for now. If someone else feels this needs recategorization, please mention it here so we can see how we want to move forward.
Comment #26
LittleCodingI went over the thoughts when first making this request. And actually it was making a custom theme based on Bootstrap that is how I came across the need.
Comment #28
DuaelFrThe official documentation says that this should be possible. I'd aggree to consider this as a bug :)
My 2 cts.
Comment #29
LittleCoding@markcarver do you know anyone that is running a sprint at DrupalCon 2019 and would be interested in add this issue to their list?
Comment #30
gobinathmTagging for Seattle sprints
Comment #31
LittleCodingComment #32
markhalliwell@LittleCoding, sorry, this wasn't on my radar while I was in Seattle.
That being said, seeing how nothing happen in Seattle with this issue, removing the tag.
Changing to a bug and bumping priority since existing documentation conflicts with actual behavior (per #28).
Setting back to CNW since there are no tests.
Comment #33
LittleCoding@markcarver sounds like a good idea +1
Comment #34
tatarbjComment #35
LittleCoding@tatarbj thank you +1
Comment #36
erlendoos CreditAttribution: erlendoos as a volunteer commentedNew patch for drupal 8.7
Comment #37
tatarbjpatch that failed on #36 is rerolled and corrected on 8.8.x
Comment #38
gnugetThanks!
This still needs tests, so I'm going to switch it back to
Needs Work
I'm going to try to work on the tests this week.Comment #39
gnugetOk, new patch, the only change that I did to #37 (besides to add the test) was that I changed the
array_replace
parameters order, it was moving therel
,media
andhref
to after the custom attributes making the tag look different than the otherslink
tags.So with the previous version, it was printing the tag like this:
And with my change it is printing it like this:
And that's it.
Thanks for all the help on this one.
David.
(why was added the "api change" tag )
Comment #40
LittleCodingLooks like we have two fixes now (current and upcoming versions of core).
To clarify for those following along:
The patch from comment #14 is for 8.6.x and blow
The patch form comments #37/#39 are for 8.7.x
Since we are working with this as a bug report, rather then a feature request I have updated the version back to 8.7.x-dev
Comment #41
markhalliwellHEAD is always fixed first. Whether or not the fix is backported to previous versions is irrelevant.
Comment #42
LittleCodingThank you for the correction @markcarver and more so for the information on why!
Comment #43
NickDickinsonWildeReviewed it and I have a questions, and a bug.
Tests look good to me.
Bug: This doesn't check if the css is a group (ie preprocessed) - adjusting the if statement to
if (!$css_asset['preprocess'] && !empty($css_asset['attributes'])) {
should resolve this.Question: Why use
array_replace
instead of+=
?+=
is used in the equivalent functionality for JS, and is a tiny bit better performance (given caching that's not really a major concern and it is a minor performance difference I believe)Comment #44
gnugetNo idea, I'm going to change it in my next patch.
I added the changed that you suggested and it make the test to fail. I will try to dig a bit more on this later this week.
Thanks for your review!
Comment #45
NickDickinsonWildeah yes, of course... sorry, actually do:
using the other form wouldn't work for all cases.
Comment #46
LittleCodingI think this should work just fine
Comment #47
LittleCodingWell that last patch did not work (href vs src). and an extra code comment.
Comment #48
LittleCodingComment #49
gnugetHi LittleCoding
Thanks for your help but your patch does not contain the test added on #39 so even if it pass it will need work.
Also you should add interdiffs so we can know what was changed.
Comment #50
gnugetAlso, I'm curious why did you change the approach taken since #37? it seems that it was almost ready.
Comment #51
LittleCoding@gnuget The change in coding is to match the method used in the JsCollectionRenderer class, we should not have each doing their own thing.
Great point about keeping the testing. would you like to redo the patch with that included?
Comment #52
LittleCodingsorry did not mean to do that status change
Comment #53
gnugetMakes sense, thanks.
I can do it later today/this week, feel free to do it if you have time before than me. :-)
In which case this
else
is going to be executed? it is possible to add custom attributes to the aggregated links generated by drupal?Also, this
else
is not present in the JsCollectionRenderer either, so not so sure if I'm missing something here.Comment #54
gnugetOk, new patch using the code of LittleCoding (using the same approach as JsCollectionRenderer) and re-adding the tests that I added in #39.
Also, @LittleCoding, I removed your
else
because I didn't found a way to add custom attributes to the aggregated files, if there is a way just let me know and I'm going to be happy to restore that change (and add code to test this part of the code).Comment #55
markhalliwellWell, according to #2623960: Improve the merge() method on Attribute objects, this should really be using
array_merge_recursive()
. As far as "why", it's so that it can override any already set attributes that core may have made on the assumption of the file in question; more control.Using
+=
actually means they can't be overridden as it will simply ignore any keys that already exist in the array.I don't feel like this is the best approach.
An asset could be external and not preprocessed, but still need attributes.
Comment #56
gnugetActually if you see my patch, I didn't add that
else
:-pThis might be worth it to create a follow-up to change JsCollectionRenderer as well?
Comment #57
LittleCodinggnuget if there is already something in the system that prevents the attributes value from being set for a aggregate file then yes, there is no need for the else that clears out any existing value.
And updating the method to of coding to using array_merge_recursive() for both CssCollectionRenderer and JsCollectionRenderer would be best as a follow-up issue, if that is the method to use. These two collection renderers not being in alignment is the starting part of this issue.
Comment #58
gnugetI noted that you changed again the issue to
needs work
.What needs to be addressed to changed it to
needs review
again?Comment #59
LittleCodingSorry. there is something odd going on with my browser and this form I guess. Thank you being on top of that!
Comment #60
LittleCodingAnd jumping back to #55 #56 the if/else is within the switch so it would only clear the $css_asset['attributes'] for a $css_asset['type'] of file that also has a $css_asset['preprocessed'] value set.
Comment #62
LittleCodingThe patch is working great.
gnuget good call on removing the ELSE from my patch from #48. I had confused "preprocess" with "preprocessed" so it was not doing what I had intended.
"preprocess" being the flag to excluded the library file from aggregation and "preprocessed" being the flag that indicated a aggregated group of files (rather then a single library file).
Looks like we are back to needed someone who is able to approve this to be added to core!
Comment #63
sandeep_jangra CreditAttribution: sandeep_jangra at OpenSense Labs commentedThe patch #48 working great. I just only removed the else part. Now i am adding updated patch here.
Comment #64
catchShould be 'output' here.
I think we need test coverage for this.
Comment #65
gnugetDoes this needs a change record even if in the official documentation says that this should already work?
I think that this is why this is marked as a bug and not as a feature request.
https://www.drupal.org/docs/8/theming/adding-stylesheets-css-and-javascr...
Comment #66
LittleCodingGreat point!, Better to have the information available.
Comment #67
renguer0 CreditAttribution: renguer0 as a volunteer commentedComment #68
LittleCodingrestore issue summary
Comment #69
LittleCodingUpdated the comment as per comment #64 and fixed test patch to apply in 8.9.x. The patch was failing to apply due to a changes in testing.
Comment #70
LittleCodingOnly list patch for current development branch (8.9.x). change status to Need Review.
just a reminder:
Comment #71
gnugetThis looks pretty good, thanks LittleCoding.
I'm going to remove a few tags:
change record needed..
This seems ready to me. Thanks!
Comment #73
jungleFixing test failure in #69. Adjusted the indexes in the data provider as index 1 is missing.
Comment #74
jungleRefactored tests by using Prophecy.
Added missing comment and added return type hinting which is mandatory in Drupal 9 now.
Comment #75
LittleCodingThank you @gnuget cleaning up the tags and pulling all those question together with answers,
@jungle thank you for fixing the testing and for thinking ahead to D9. The patch from comment #74 is working for me.
how about a few more testers to confirm this.
Comment #77
LittleCodingLooks like we need a third version of this patch to work with D9+
Comment #78
gappleRerolled for 9.1.
Also, since #2897408: Remove IE9 support from CssCollectionRenderer and provide it in contrib instead the renderer only outputs
link
tags, so the conditional can be simplified.Comment #79
LittleCodingComment #80
LittleCodingComment #82
alexpottCrediting people from the duplicate issue.
Comment #83
alexpottCommitted and pushed 758adf0e97 to 9.1.x and ea20f12a26 to 9.0.x. Thanks!
We need a backport patch. I think that'd be #74 without the
protected function setUp(): void {
Comment #86
mrinalini9 CreditAttribution: mrinalini9 at Srijan | A Material+ Company for Drupal India Association commentedComment #87
mrinalini9 CreditAttribution: mrinalini9 at Srijan | A Material+ Company for Drupal India Association commentedUpdated patch #74, without the
protected function setUp(): void {
as mentioned in #83, please review.Comment #88
gnugetHi @mrinalini9
Thanks for porting the patch!
Whenever a new patch is provided it is recommended to provide an interdiff so we can see what changed between patches.
You can read here how make interdiffs.
For this time I made it for you, It is attached.
And looks great!
Thanks again.
Comment #89
alexpottDiscussed with @lauriii we decided to hold off on committing this to 8.9.x until after 8.9.0 because of the possibility of existing sites breaking because of incorrect integrity hashes in css component definitions. The plan is to commit this early in 8.9.1 dev cycle to give sites that have incorrect libraries the best chance of discovering this before release. Note that Drupal 9.0 will support this so if you 100% needs this to work you can apply the 8.x patch or move to Drupal 9 :)
To this end I've created the change record https://www.drupal.org/node/3144708
Comment #90
alexpottThis is definitely a security improvment.
Comment #91
gappleAs in #78, the condition can be simplified since the element is always a
link
element with anhref
attribute since 8.7Comment #92
LittleCodingtested both the 8.9-dev (#91) and 9.1-dev (#78) and they are working as expected.
Comment #93
LittleCodingThe was a mix-up and this has not been committed in the 8.9.x branch yet. So the change record made by @alexpott has an edit added to reflect this.
I have again reviewed and tested patch #91 to confirm it is still working and updated status. Who can this be assigned to to be committed to the current 8.9.x so it will be included as part of 8.9.4 and this issue can be completely closed?
Comment #94
ksemihin CreditAttribution: ksemihin as a volunteer commentedThe same version as in comment #91
But with replacing
From
To
What allows to override type and other default attributes.
Comment #95
gappleWhat's the reason for wanting to be able to change those default attributes? Is there not currently a way to change those attributes when necessary?
Since the current patch is backporting changes from D9 to D8.9, this change should probably be a separate issue so that it's committed to the latest release first. Since this same behaviour is done separately for JS and CSS, a patch should address both renderr classes for consistency.
Comment #96
larowlanThere seems to be some conjecture between #91 and #95 here - can we make sure the latest patch is the one under consideration? Thanks in advance
Comment #97
LittleCodingAgreed that given this is at the point of being a backport and that the patch in #95 alters the feature, it should be made into a new issue in the queue.
Comment #98
LittleCodingThis was not committed as part of ether of last week's core updates (8.9.4 or 8.9.5). So again there is an edit to the Change Record https://www.drupal.org/node/3144708
Nug, nug. Poke, poke. to anyone following this that can get this backport committed for this to be finished.
Comment #99
LittleCodingUpdated Change Record to 8.9.7 as this was not included in 8.9.6
Comment #100
KarimBou CreditAttribution: KarimBou commentedHey,
The attribute now works and i'm able to add a title for instance.
changing default rel="stylesheet" to rel="alternate stylesheet" doesn't seem to work"
"libraries.yml":
Any idea why ?
Comment #101
LittleCodingHey KarimBou,
This does not allow override of the basic required attributes (href, media, rel). Rather it allows the inclusion of additional attributes like: integrity, title, crossorigin, disable, etc.
If you look over ksemihin patch from #94, that will allow the override of those default attributes. I don't know if ksemihin did start a new issue to have that feature option.
Comment #102
LittleCodingUpdated Change Record to 8.9.8 as this was not included in 8.9.7
Comment #103
KarimBou CreditAttribution: KarimBou commented@LittleCoding Thanks for pointing that up, went past that one :)
I do think it's relevant to allow that out of the box.
Comment #104
alexpottRe-upping #91 since that is the patch that should be considered for backport. #95 offers a different feature set and would need to be changed against 9.2.x first.
Comment #105
alexpottDiscussed with @catch and we agreed to backport this to 8.9.x
Committed e880e48 and pushed to 8.9.x. Thanks!
Comment #108
KarimBou CreditAttribution: KarimBou commentedHello everyone, any chance we could see a compatibility of this on Drupal 9.3.x ?
Comment #109
gapple@KarimBou The change to allow additional attributes according to the original scope of this issue was committed to 8.9+, and 9.1+
If you're interested in overriding default attributes as in #94, you should open a separate issue as previously mentioned.