From 18db904c293f43f5e928b74835d0969cd60c1e2e Mon Sep 17 00:00:00 2001 From: Peter Wilson Date: Sun, 7 Apr 2024 23:51:57 +0000 Subject: [PATCH] Script Loader: Improve asset concatenation Etags. Include the asset version of JavaScript and CSS files when generating the ETag for concatenated assets in `load-scripts.php` and `load-styles.php`. This ensures the ETag is updated as script versions change (for example editor package updates) rather than only when the WordPress version changes. The `W\` prefix is added to the generated ETag to allow for CDNs and proxy servers modifying the script to add or improve the compression algorithm. Props azaozz, dav4, ironprogrammer, johnbillion, kkmuffme, monzuralam, peterwilsoncc, sergeybiryukov. Fixes #58433. git-svn-id: https://develop.svn.wordpress.org/trunk@57943 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/load-scripts.php | 23 +++++++++++++++++++++-- src/wp-admin/load-styles.php | 23 +++++++++++++++++++++-- 2 files changed, 42 insertions(+), 4 deletions(-) diff --git a/src/wp-admin/load-scripts.php b/src/wp-admin/load-scripts.php index 5675b86570..c7c952f651 100644 --- a/src/wp-admin/load-scripts.php +++ b/src/wp-admin/load-scripts.php @@ -45,7 +45,26 @@ wp_default_scripts( $wp_scripts ); wp_default_packages_vendor( $wp_scripts ); wp_default_packages_scripts( $wp_scripts ); -if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $wp_version ) { +$etag = "WP:{$wp_version};"; + +foreach ( $load as $handle ) { + if ( ! array_key_exists( $handle, $wp_scripts->registered ) ) { + continue; + } + + $ver = $wp_scripts->registered[ $handle ]->ver ? $wp_scripts->registered[ $handle ]->ver : $wp_version; + $etag .= "{$handle}:{$ver};"; +} + +/* + * This is not intended to be cryptographically secure, just a fast way to get + * a fixed length string based on the script versions. As this file does not + * load the full WordPress environment, it is not possible to use the salted + * wp_hash() function. + */ +$etag = 'W/"' . md5( $etag ) . '"'; + +if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $etag ) { header( "$protocol 304 Not Modified" ); exit; } @@ -59,7 +78,7 @@ foreach ( $load as $handle ) { $out .= get_file( $path ) . "\n"; } -header( "Etag: $wp_version" ); +header( "Etag: $etag" ); header( 'Content-Type: application/javascript; charset=UTF-8' ); header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + $expires_offset ) . ' GMT' ); header( "Cache-Control: public, max-age=$expires_offset" ); diff --git a/src/wp-admin/load-styles.php b/src/wp-admin/load-styles.php index fe4a4ee66e..9fd0fc1f03 100644 --- a/src/wp-admin/load-styles.php +++ b/src/wp-admin/load-styles.php @@ -48,7 +48,26 @@ $out = ''; $wp_styles = new WP_Styles(); wp_default_styles( $wp_styles ); -if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $wp_version ) { +$etag = "WP:{$wp_version};"; + +foreach ( $load as $handle ) { + if ( ! array_key_exists( $handle, $wp_styles->registered ) ) { + continue; + } + + $ver = $wp_styles->registered[ $handle ]->ver ? $wp_styles->registered[ $handle ]->ver : $wp_version; + $etag .= "{$handle}:{$ver};"; +} + +/* + * This is not intended to be cryptographically secure, just a fast way to get + * a fixed length string based on the script versions. As this file does not + * load the full WordPress environment, it is not possible to use the salted + * wp_hash() function. + */ +$etag = 'W/"' . md5( $etag ) . '"'; + +if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $etag ) { header( "$protocol 304 Not Modified" ); exit; } @@ -84,7 +103,7 @@ foreach ( $load as $handle ) { } } -header( "Etag: $wp_version" ); +header( "Etag: $etag" ); header( 'Content-Type: text/css; charset=UTF-8' ); header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + $expires_offset ) . ' GMT' ); header( "Cache-Control: public, max-age=$expires_offset" );