Merge pull request #21 from mwpastore/add-fingerprint-check-option

Add fingerprintCheck option and documentation
jonathanKingston · Feb 18, 2016 · 50ab509 · 50ab509
2 parents 4725212 + d13d5a3
commit 50ab509
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -67,7 +67,8 @@ var app = new EmberApp({
           - `anonymous`
   - **runsIn** - default: ['production', 'test']
   - **enabled** - default: true
-  - **paranoiaCheck** - default: true
+  - **paranoiaCheck** - default: false
+  - **fingerprintCheck** - default: false
 - **fingerprint**
   - **prepend** - resources with a full path will only get an applied integrity if the md5 checksum passes
 
@@ -121,15 +122,23 @@ Values:
 
 ### 'paranoiaCheck'
 
-**This addon will always take the default pain free stance; so this has been enabled by default until the issue is resolved.**
+There was an encoding issue based on certain characters when using Chrome, the fix for which [landed](https://code.google.com/p/chromium/issues/detail?id=527286) in Chrome 46.
+This check fails if there is any non ASCII characters. On failure the file won't have an integrity attribute added.
+Currently, it defaults to false (i.e. this check is disabled). You can reenable it if you wish to remain compatible with
+versions of Chrome &lt; 46.
 
-Currently there is an encoding issue based on certain characters which is [still being debugged](https://code.google.com/p/chromium/issues/detail?id=527286) when using Chrome.
-This check fails if there is any non ASCII characters. On failure the file won't have a integrity attribute added.
-**Please note** this will be removed as a default in the future; with the desire to remove all of the checking code too.
+### 'fingerprintCheck'
+
+If you are fingerprinting your assets and/or prepending a URL (e.g. to your static web server or CDN), you will likely want
+to disable this check. Otherwise, if your assets include other assets, they will fail the check and the file won't have an
+integrity attribute added.
+Currently, it defaults to false (i.e. this check is disabled). You can reenable it for a little extra confidence that the
+correct files are being hashed, but only if you are not fingerprinting or prepending your assets and have no plans to in the
+future.
 
 ## Browser support
 
-- Chrome 45
+- Chrome 46
 - Firefox 43
 
 Notes:

diff --git a/bower.json b/bower.json
@@ -8,7 +8,7 @@
     "ember-qunit": "0.4.9",
     "ember-qunit-notifications": "0.0.7",
     "ember-resolver": "~0.1.18",
-    "jquery": "^1.11.3",
+    "jquery": "1.11.3",
     "loader.js": "ember-cli/loader.js#3.2.1",
     "qunit": "~1.18.0"
   }

diff --git a/index.js b/index.js
@@ -27,6 +27,14 @@ module.exports = {
     if (app.options.origin) {
       this.options.origin = app.options.origin;
     }
+
+    if (!('paranoiaCheck' in this.options)) {
+      this.options.paranoiaCheck = false;
+    }
+
+    if (!('fingerprintCheck' in this.options)) {
+      this.options.fingerprintCheck = false;
+    }
   },
   postprocessTree: function(type, tree) {
     var options = this.options || {};

diff --git a/package.json b/package.json
@@ -46,7 +46,7 @@
     "security"
   ],
   "dependencies": {
-    "broccoli-sri-hash": "^2.0.0"
+    "broccoli-sri-hash": "^2.1.0"
   },
   "ember-addon": {
     "configPath": "tests/dummy/config",