/kirby3-fingerprint

File Method and css/js helper to add hash to files

Primary LanguagePHPMIT LicenseMIT

Kirby 3 Fingerprint

Release Downloads Build Status Coverage Status Maintainability Twitter

File Method and css/js helper to add cachebusting hash and optional Subresource Integrity to files.

Commercial Usage


Support open source!

This plugin is free but if you use it in a commercial project please consider to sponsor me or make a donation.
If my work helped you to make some cash it seems fair to me that I might get a little reward as well, right?

Be kind. Share a little. Thanks.

‐ Bruno
 
M O N E Y
Github sponsor Patreon Buy Me a Coffee Paypal dontation Hire me

Similar Plugins

The following plugins can do cachebusting but they do not cache the modified timestamp nor can they do SRI nor do cachebusting for non js/css files.

Installation

  • unzip master.zip as folder site/plugins/kirby3-fingerprint or
  • git submodule add https://github.com/bnomei/kirby3-fingerprint.git site/plugins/kirby3-fingerprint or
  • composer require bnomei/kirby3-fingerprint

Usage

This Plugin does not override the build in js/css helpers. Use Bnomei\Fingerprint::css and Bnomei\Fingerprint::js when you need them.

echo Bnomei\Fingerprint::css('/assets/css/index.css');
// <style> element with https://../assets/css/index.css?v=1203291283

echo Bnomei\Fingerprint::js('/assets/js/index.min.js');
// <link> element https://../assets/js/index.min.js?v=1203291283

echo Bnomei\Fingerprint::url('/assets/css/index.css');
// raw url https://../assets/css/index.css?v=1203291283

echo $page->file('ukulele.pdf')->fingerprint();
// https://../ukulele.pdf?v=1203291283

echo $page->file('ukulele.pdf')->integrity();
// sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC

// generate sri from local file
echo Bnomei\Fingerprint::js(
    '/assets/js/index.min.js',
    [
        "integrity" => true
    ]
);
/*
<script src="https://../assets/js/index.min.js"
    integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
    crossorigin="anonymous"></script>
*/

echo Bnomei\Fingerprint::js(
    'https://external.cdn/framework.min.js',
    [
        "integrity" => "sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
    ]
);
/*
<script src="https://external.cdn/framework.min.js"
    integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
    crossorigin="anonymous"></script>
*/

Settings

bnomei.fingerprint. Default Description
hash callback will lead to the hashing logic
integrity callback use it to set option 'integrity' => null,
digest 'sha384' Cryptographic digest to be used for SRI hashes either 'sha256', 'sha384' or 'sha512'.
https true boolean value or callback to force https scheme on all but localhost enviroments.
query true or string or callback myfile.js?v={HASH}, myfile.{HASH}.js or loaded from manifest file

Query option: true (default)

myfile.js?v={HASH}

This is the default since it works without additional changes to your server but be aware that query strings are not perfect.

Query option: false

If you disable the query option you also also need to add apache or nginx rules. These rules will redirect css and js files from with hash to the asset on disk.

.htaccess - put this directly after the RewriteBase statment

# RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.+)\.([0-9a-z]{32})\.(js|css)$ $1.$3 [L]

Nginx virtual host setup

location ~ (.+)\.(?:\w+)\.(js|css)$ {
    try_files $uri $1.$2;
}

Query option: string

You can also forward the path of a json encoded manifest file and the plugin will load whatever hash is defined there. This works great for gulp-rev or with laravel mix versioning.

Cache & Performance

The plugin will flush its cache and do not write any more caches if global debug mode is true.

Hash and SRI values are cached and only updated when original file is modified. If you also have the AutoID Plugin and the file has an autoid field the modified lookup will be at almost zero-cpu cost.

Disclaimer

This plugin is provided "as is" with no guarantee. Use it at your own risk and always test it yourself before using it in a production environment. If you find any issues, please create a new issue.

License

MIT

It is discouraged to use this plugin in any project that promotes racism, sexism, homophobia, animal abuse, violence or any other form of hate speech.

Credits