Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jQuery 1.9.1.min.js from code.jquery.com CDN points to wrong sourcemap #2899

Closed
miketaylr opened this issue Feb 4, 2016 · 8 comments
Closed

jQuery 1.9.1.min.js from code.jquery.com CDN points to wrong sourcemap #2899

miketaylr opened this issue Feb 4, 2016 · 8 comments

Comments

@miketaylr
Copy link

@miketaylr miketaylr commented Feb 4, 2016

Originally filed at https://bugzilla.mozilla.org/show_bug.cgi?id=1245709#c3.

  1. view-source:http://code.jquery.com/jquery-1.9.1.min.js
  2. Observe //@ sourceMappingURL=jquery.min.map

Expected: //@ sourceMappingURL=jquery-1.9.1.min.map
Actual: See 2) above.

If you're debugging a site with 1.9.1 from the CDN, suddenly 1.11.1 is in your debugger... which is wrong.

Here's some context from jquery-dev chatting with @dmethvin:

[1:31 PM] <miketaylr> the bug i saw says http://code.jquery.com/jquery-1.9.1.min.js sourcemap just points to jquery.min.js, so it ends up at as 1.11.whatever.js
[1:31 PM] <DaveMethvin> oh
[1:31 PM] <miketaylr> view-source:http://code.jquery.com/jquery-1.9.1.min.js
[1:31 PM] <miketaylr> dunno if that's a jquery build bug
[1:31 PM] <DaveMethvin> well, one from years ago
[1:31 PM] <miketaylr> or a code cdn redirect bu
[1:31 PM] <miketaylr> g
[1:31 PM] <DaveMethvin> at this point
[1:32 PM] <DaveMethvin> i don't know that there's much we can do about it now
[1:32 PM] <miketaylr> dude, let me ssh into the server
[1:32 PM] <miketaylr> i'll fix it
[1:32 PM] <DaveMethvin> can we update a really old version?
[1:32 PM] <DaveMethvin> well i'd be afraid someone has a hash stored for it
[1:32 PM] <DaveMethvin> to avoid tampering
[1:32 PM] <miketaylr> vim jquery-1.9.1.min.js
[1:32 PM] <miketaylr> lol
[1:33 PM] <miketaylr> i guess it would be good to see if the problem is more widespread, or only exists for 1.9.1
[1:33 PM] <miketaylr> this is the bug fwiw https://bugzilla.mozilla.org/show_bug.cgi?id=1245709#c3
[1:33 PM] <DaveMethvin> there is a correct jquery-1.9.1.min.map file, it's just wrong in the source
[1:34 PM] <DaveMethvin> and we stopped putting map files into the source becaues we got a bunch of complaints when people renamed the file or forgot to copy the map
[1:35 PM] <DaveMethvin> i'd say go ahead and report it miketaylr and we'll discuss if that's something we can change
[1:35 PM] <miketaylr> okey doke
[1:35 PM] <DaveMethvin> i don't see a way to change it without editing the file but that will change any stored hash
[1:35 PM] <miketaylr> DaveMethvin: so just against jquery not https://github.com/jquery/codeorigin.jquery.com ?
[1:35 PM] <DaveMethvin> right
[1:35 PM] <miketaylr> thxxx
[1:35 PM] <miketaylr> http://code.jquery.com/jquery-1.10.0.min.js looks good
[1:36 PM] <miketaylr> it might just be 1.9.1
[1:36 PM] <DaveMethvin> and it actually is jquery.min.map for some cdns like googles
[1:36 PM] <DaveMethvin> since they don't have the version in the file name
[1:36 PM] <miketaylr> because 1.9.0 didn't have one
[1:36 PM] <miketaylr> fun bug
[1:36 PM] miketaylr files

Not sure if you can change this, but it would be nice if you could.
@dmethvin
Copy link

@dmethvin dmethvin commented Feb 4, 2016

I figured it was worth having miketaylr open a ticket so we can discuss. Wow. jQuery 1.9.1 was released 3 years ago today!

It's pretty easy to edit the source to point to the correct map file, jquery-1.9.1.min.map which is there on the CDN, but I'm concerned we may trigger some sort of alerts from people who don't expect the old files to ever change bits.

@scottgonzalez
Copy link

@scottgonzalez scottgonzalez commented Feb 4, 2016

Isn't this a known bug? I'm 99% sure if you look through the bug tracker you'll find a ticket for this.

@scottgonzalez
Copy link

@scottgonzalez scottgonzalez commented Feb 4, 2016

Oh, I see now that this is a different bug than the one I was thinking of.

@dmethvin
Copy link

@dmethvin dmethvin commented Feb 5, 2016

Another thing we could do is delete http://code.jquery.com/jquery.min.map because we have been discouraging the use of the plain-named jquery.js and jquery.min.js anyway.

@dmethvin
Copy link

@dmethvin dmethvin commented Feb 8, 2016

Since we're on the verge of recommending that people use Subresource Integrity, It seems like editing the file is a less and less appealing idea. It always bothered me that two files of the same version from different CDNs could have different hashes, but for the time that we put map comments into the file that was true because of the way different CDNs do their paths.

With that in mind, deleting the map file seems like the best solution, if we need to apply one.

@timmywil
Copy link

@timmywil timmywil commented Feb 9, 2016

I agree with deleting the map file.

@timmywil timmywil mentioned this issue Feb 9, 2016
Closed
@timmywil
Copy link

@timmywil timmywil commented Feb 9, 2016

Opened cdn issue jquery/codeorigin.jquery.com#23

@timmywil timmywil closed this Feb 9, 2016
@miketaylr
Copy link
Author

@miketaylr miketaylr commented Feb 9, 2016

Thanks for the help, everyone.

@lock lock bot locked as resolved and limited conversation to collaborators Jun 18, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@miketaylr @scottgonzalez @dmethvin @timmywil