github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-04-03 05:39:41 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
discourse/app/assets/javascripts/discourse/lib/load-script.js.es6
Kyle Zhao 373d6e3fe6
always loadScript with a script tag (#6411) 
to avoid Content Security Policy unsafe-line violations
2018-10-01 10:06:01 +08:00

101 lines
2.3 KiB
JavaScript
Raw Blame History

import { ajax } from "discourse/lib/ajax";
const _loaded = {};
const _loading = {};
function loadWithTag(path, cb) {
const head = document.getElementsByTagName("head")[0];
let finished = false;
let s = document.createElement("script");
s.src = path;
if (Ember.Test) {
Ember.Test.registerWaiter(() => finished);
}
head.appendChild(s);
s.onload = s.onreadystatechange = function(_, abort) {
finished = true;
if (
abort ||
!s.readyState ||
s.readyState === "loaded" ||
s.readyState === "complete"
) {
s = s.onload = s.onreadystatechange = null;
if (!abort) {
Ember.run(null, cb);
}
}
};
}
export function loadCSS(url) {
return loadScript(url, { css: true });
}
export default function loadScript(url, opts) {
// TODO: Remove this once plugins have been updated not to use it:
if (url === "defer/html-sanitizer-bundle") {
return Ember.RSVP.Promise.resolve();
}
opts = opts || {};
$("script").each((i, tag) => {
const src = tag.getAttribute("src");
if (src && src !== url) {
_loaded[tag.getAttribute("src")] = true;
}
});
return new Ember.RSVP.Promise(function(resolve) {
url = Discourse.getURL(url);
// If we already loaded this url
if (_loaded[url]) {
return resolve();
}
if (_loading[url]) {
return _loading[url].then(resolve);
}
let done;
_loading[url] = new Ember.RSVP.Promise(function(_done) {
done = _done;
});
_loading[url].then(function() {
delete _loading[url];
});
const cb = function(data) {
if (opts && opts.css) {
$("head").append("<style>" + data + "</style>");
}
done();
resolve();
_loaded[url] = true;
};
let cdnUrl = url;
// Scripts should always load from CDN
// CSS is type text, to accept it from a CDN we would need to handle CORS
if (!opts.css && Discourse.CDN && url[0] === "/" && url[1] !== "/") {
cdnUrl = Discourse.CDN.replace(/\/$/, "") + url;
}
if (opts.css) {
ajax({
url: cdnUrl,
dataType: "text",
cache: true
}).then(cb);
} else {
// Always load JavaScript with script tag to avoid Content Security Policy inline violations
loadWithTag(cdnUrl, cb);
}
});
}
Reference in New Issue View Git Blame Copy Permalink