From e603554f559b1be4861553239e22a7844075bedc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C4=83t=C4=83lin=20Mari=C8=99?= Date: Sun, 5 Apr 2015 20:15:21 +0300 Subject: [PATCH] Update the web app manifest file related configs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The specification for the manifest file for web applications was recently updated¹ and it changed one of the recommended file extensions from `.manifest` to the unique `.webmanifest`². "`.manifest` was the recommended file extension for the Application Cache manifest file, and then, it was changed³ to `.appcache` in order to "avoid clashing with Microsoft's unregistered `application/manifest` type". So, taking into consideration also the legacy aspects, recommending `.manifest` as the file extension creates even more "clashing", and this can complicate things when it comes to server configs (e.g.: especially as in some of the cases, things like the media type matter). ... It's not only about "sending the recommended mime type". Some servers (e.g.: Apache) rely on the media type for different settings (e.g: ExpiresByType), and not having a unique file extension sometimes makes the mapping to a media type not so straightforward. " - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ¹ https://github.com/w3c/manifest/commit/0eecadd09074746a657d806131a39e2f7bdc962f ² https://github.com/w3c/manifest/issues/346 ³ https://html5.org/r/5812 --- CHANGELOG.md | 4 + dist/.htaccess | 60 +++++------- src/internet_explorer/x-ua-compatible.conf | 2 +- src/media_types/character_encodings.conf | 2 + src/media_types/media_types.conf | 32 +------ src/security/content-security-policy.conf | 2 +- src/security/x-frame-option.conf | 2 +- src/security/x-xss-protection.conf | 2 +- src/web_performance/expires_headers.conf | 16 +++- .../filename-based_cache_busting.conf | 2 +- test/fixtures/.htaccess | 60 +++++------- test/fixtures/.well-known/test.html | 10 ++ test/fixtures/test.webmanifest | 22 +++++ test/tests.js | 92 +++++++++++++------ 14 files changed, 167 insertions(+), 141 deletions(-) create mode 100644 test/fixtures/.well-known/test.html create mode 100644 test/fixtures/test.webmanifest diff --git a/CHANGELOG.md b/CHANGELOG.md index cddb1660..d9f16729 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +### HEAD + +* Update the web app manifest file related configs. + ### 2.13.0 (March 4, 2015) * Remove the mapping of `.manifest` files to the `text/cache-manifest` media type diff --git a/dist/.htaccess b/dist/.htaccess index d1f18116..11755ed9 100644 --- a/dist/.htaccess +++ b/dist/.htaccess @@ -130,7 +130,7 @@ Options -MultiViews # the `X-UA-Compatible` response header should be send only for # HTML documents and not for the other resources. - + Header unset X-UA-Compatible @@ -185,37 +185,7 @@ Options -MultiViews # Manifest files - # If you are providing a web application manifest file (see - # the specification: https://w3c.github.io/manifest/), it is - # recommended that you serve it with the `application/manifest+json` - # media type. - # - # Because the web application manifest file doesn't have its - # own unique file extension, you can set its media type either - # by matching: - # - # 1) the exact location of the file (this can be done using a - # directive such as ``, but it will NOT work in - # the `.htaccess` file, so you will have to do it in the main - # server configuration file or inside of a `` - # container) - # - # e.g.: - # - # - # AddType application/manifest+json json - # - # - # 2) the filename (this can be problematic as you will need to - # ensure that you don't have any other file with the same name - # as the one you gave to your web application manifest file) - # - # e.g.: - # - # - # AddType application/manifest+json json - # - + AddType application/manifest+json webmanifest AddType application/x-web-app-manifest+json webapp AddType text/cache-manifest appcache @@ -297,11 +267,13 @@ AddDefaultCharset utf-8 .js \ .json \ .jsonld \ + .manifest \ .rdf \ .rss \ .topojson \ .vtt \ .webapp \ + .webmanifest \ .xloc \ .xml @@ -475,7 +447,7 @@ AddDefaultCharset utf-8 # # the `X-Frame-Options` response header should be send only for # # HTML documents and not for the other resources. -# +# # Header unset X-Frame-Options # @@ -510,7 +482,7 @@ AddDefaultCharset utf-8 # # the `Content-Security-Policy` response header should be send # # only for HTML documents and not for the other resources. -# +# # Header unset Content-Security-Policy # @@ -678,7 +650,7 @@ AddDefaultCharset utf-8 # # the `X-XSS-Protection` response header should be send only for # # HTML documents and not for the other resources. -# +# # Header unset X-XSS-Protection # @@ -878,9 +850,12 @@ FileETag None ExpiresDefault "access plus 1 month" # CSS + ExpiresByType text/css "access plus 1 year" + # Data interchange + ExpiresByType application/atom+xml "access plus 1 hour" ExpiresByType application/rdf+xml "access plus 1 hour" ExpiresByType application/rss+xml "access plus 1 hour" @@ -892,25 +867,33 @@ FileETag None ExpiresByType application/xml "access plus 0 seconds" ExpiresByType text/xml "access plus 0 seconds" + # Favicon (cannot be renamed!) and cursor images + ExpiresByType image/vnd.microsoft.icon "access plus 1 week" ExpiresByType image/x-icon "access plus 1 week" # HTML + ExpiresByType text/html "access plus 0 seconds" + # JavaScript + ExpiresByType application/javascript "access plus 1 year" ExpiresByType application/x-javascript "access plus 1 year" ExpiresByType text/javascript "access plus 1 year" + # Manifest files - ExpiresByType application/manifest+json "access plus 1 year" + ExpiresByType application/manifest+json "access plus 1 week" ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds" ExpiresByType text/cache-manifest "access plus 0 seconds" + # Media files + ExpiresByType audio/ogg "access plus 1 month" ExpiresByType image/bmp "access plus 1 month" ExpiresByType image/gif "access plus 1 month" @@ -922,6 +905,7 @@ FileETag None ExpiresByType video/ogg "access plus 1 month" ExpiresByType video/webm "access plus 1 month" + # Web fonts # Embedded OpenType (EOT) @@ -942,7 +926,9 @@ FileETag None # Web Open Font Format (WOFF) 2.0 ExpiresByType application/font-woff2 "access plus 1 month" + # Other + ExpiresByType text/x-cross-domain-policy "access plus 1 week" @@ -994,5 +980,5 @@ FileETag None # # RewriteEngine On # RewriteCond %{REQUEST_FILENAME} !-f -# RewriteRule ^(.+)\.(\d+)\.(bmp|css|cur|gif|ico|jpe?g|js|png|svgz?|webp)$ $1.$3 [L] +# RewriteRule ^(.+)\.(\d+)\.(bmp|css|cur|gif|ico|jpe?g|js|png|svgz?|webp|webmanifest)$ $1.$3 [L] # diff --git a/src/internet_explorer/x-ua-compatible.conf b/src/internet_explorer/x-ua-compatible.conf index 375cbefc..370a0d0e 100644 --- a/src/internet_explorer/x-ua-compatible.conf +++ b/src/internet_explorer/x-ua-compatible.conf @@ -23,7 +23,7 @@ # the `X-UA-Compatible` response header should be send only for # HTML documents and not for the other resources. - + Header unset X-UA-Compatible diff --git a/src/media_types/character_encodings.conf b/src/media_types/character_encodings.conf index 9a119b88..af2acb66 100644 --- a/src/media_types/character_encodings.conf +++ b/src/media_types/character_encodings.conf @@ -24,11 +24,13 @@ AddDefaultCharset utf-8 .js \ .json \ .jsonld \ + .manifest \ .rdf \ .rss \ .topojson \ .vtt \ .webapp \ + .webmanifest \ .xloc \ .xml diff --git a/src/media_types/media_types.conf b/src/media_types/media_types.conf index 9e63bde5..e7072e1d 100644 --- a/src/media_types/media_types.conf +++ b/src/media_types/media_types.conf @@ -29,37 +29,7 @@ # Manifest files - # If you are providing a web application manifest file (see - # the specification: https://w3c.github.io/manifest/), it is - # recommended that you serve it with the `application/manifest+json` - # media type. - # - # Because the web application manifest file doesn't have its - # own unique file extension, you can set its media type either - # by matching: - # - # 1) the exact location of the file (this can be done using a - # directive such as ``, but it will NOT work in - # the `.htaccess` file, so you will have to do it in the main - # server configuration file or inside of a `` - # container) - # - # e.g.: - # - # - # AddType application/manifest+json json - # - # - # 2) the filename (this can be problematic as you will need to - # ensure that you don't have any other file with the same name - # as the one you gave to your web application manifest file) - # - # e.g.: - # - # - # AddType application/manifest+json json - # - + AddType application/manifest+json webmanifest AddType application/x-web-app-manifest+json webapp AddType text/cache-manifest appcache diff --git a/src/security/content-security-policy.conf b/src/security/content-security-policy.conf index 8f64d49a..ef372276 100644 --- a/src/security/content-security-policy.conf +++ b/src/security/content-security-policy.conf @@ -27,7 +27,7 @@ # the `Content-Security-Policy` response header should be send # only for HTML documents and not for the other resources. - + Header unset Content-Security-Policy diff --git a/src/security/x-frame-option.conf b/src/security/x-frame-option.conf index a36052ae..0dd3c6e2 100644 --- a/src/security/x-frame-option.conf +++ b/src/security/x-frame-option.conf @@ -40,7 +40,7 @@ # the `X-Frame-Options` response header should be send only for # HTML documents and not for the other resources. - + Header unset X-Frame-Options diff --git a/src/security/x-xss-protection.conf b/src/security/x-xss-protection.conf index 4c7c30fd..7452841a 100644 --- a/src/security/x-xss-protection.conf +++ b/src/security/x-xss-protection.conf @@ -43,7 +43,7 @@ # the `X-XSS-Protection` response header should be send only for # HTML documents and not for the other resources. - + Header unset X-XSS-Protection diff --git a/src/web_performance/expires_headers.conf b/src/web_performance/expires_headers.conf index 3174db2a..55d0c0a2 100644 --- a/src/web_performance/expires_headers.conf +++ b/src/web_performance/expires_headers.conf @@ -16,9 +16,12 @@ ExpiresDefault "access plus 1 month" # CSS + ExpiresByType text/css "access plus 1 year" + # Data interchange + ExpiresByType application/atom+xml "access plus 1 hour" ExpiresByType application/rdf+xml "access plus 1 hour" ExpiresByType application/rss+xml "access plus 1 hour" @@ -30,25 +33,33 @@ ExpiresByType application/xml "access plus 0 seconds" ExpiresByType text/xml "access plus 0 seconds" + # Favicon (cannot be renamed!) and cursor images + ExpiresByType image/vnd.microsoft.icon "access plus 1 week" ExpiresByType image/x-icon "access plus 1 week" # HTML + ExpiresByType text/html "access plus 0 seconds" + # JavaScript + ExpiresByType application/javascript "access plus 1 year" ExpiresByType application/x-javascript "access plus 1 year" ExpiresByType text/javascript "access plus 1 year" + # Manifest files - ExpiresByType application/manifest+json "access plus 1 year" + ExpiresByType application/manifest+json "access plus 1 week" ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds" ExpiresByType text/cache-manifest "access plus 0 seconds" + # Media files + ExpiresByType audio/ogg "access plus 1 month" ExpiresByType image/bmp "access plus 1 month" ExpiresByType image/gif "access plus 1 month" @@ -60,6 +71,7 @@ ExpiresByType video/ogg "access plus 1 month" ExpiresByType video/webm "access plus 1 month" + # Web fonts # Embedded OpenType (EOT) @@ -80,7 +92,9 @@ # Web Open Font Format (WOFF) 2.0 ExpiresByType application/font-woff2 "access plus 1 month" + # Other + ExpiresByType text/x-cross-domain-policy "access plus 1 week" diff --git a/src/web_performance/filename-based_cache_busting.conf b/src/web_performance/filename-based_cache_busting.conf index 5e808248..85420be2 100644 --- a/src/web_performance/filename-based_cache_busting.conf +++ b/src/web_performance/filename-based_cache_busting.conf @@ -13,5 +13,5 @@ RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule ^(.+)\.(\d+)\.(bmp|css|cur|gif|ico|jpe?g|js|png|svgz?|webp)$ $1.$3 [L] + RewriteRule ^(.+)\.(\d+)\.(bmp|css|cur|gif|ico|jpe?g|js|png|svgz?|webp|webmanifest)$ $1.$3 [L] diff --git a/test/fixtures/.htaccess b/test/fixtures/.htaccess index 00a4b784..a2ff9cdf 100644 --- a/test/fixtures/.htaccess +++ b/test/fixtures/.htaccess @@ -110,7 +110,7 @@ Options -MultiViews # the `X-UA-Compatible` response header should be send only for # HTML documents and not for the other resources. - + Header unset X-UA-Compatible @@ -165,37 +165,7 @@ Options -MultiViews # Manifest files - # If you are providing a web application manifest file (see - # the specification: https://w3c.github.io/manifest/), it is - # recommended that you serve it with the `application/manifest+json` - # media type. - # - # Because the web application manifest file doesn't have its - # own unique file extension, you can set its media type either - # by matching: - # - # 1) the exact location of the file (this can be done using a - # directive such as ``, but it will NOT work in - # the `.htaccess` file, so you will have to do it in the main - # server configuration file or inside of a `` - # container) - # - # e.g.: - # - # - # AddType application/manifest+json json - # - # - # 2) the filename (this can be problematic as you will need to - # ensure that you don't have any other file with the same name - # as the one you gave to your web application manifest file) - # - # e.g.: - # - # - # AddType application/manifest+json json - # - + AddType application/manifest+json webmanifest AddType application/x-web-app-manifest+json webapp AddType text/cache-manifest appcache @@ -277,11 +247,13 @@ AddDefaultCharset utf-8 .js \ .json \ .jsonld \ + .manifest \ .rdf \ .rss \ .topojson \ .vtt \ .webapp \ + .webmanifest \ .xloc \ .xml @@ -442,7 +414,7 @@ AddDefaultCharset utf-8 # the `X-Frame-Options` response header should be send only for # HTML documents and not for the other resources. - + Header unset X-Frame-Options @@ -477,7 +449,7 @@ AddDefaultCharset utf-8 # the `Content-Security-Policy` response header should be send # only for HTML documents and not for the other resources. - + Header unset Content-Security-Policy @@ -645,7 +617,7 @@ AddDefaultCharset utf-8 # the `X-XSS-Protection` response header should be send only for # HTML documents and not for the other resources. - + Header unset X-XSS-Protection @@ -845,9 +817,12 @@ FileETag None ExpiresDefault "access plus 1 month" # CSS + ExpiresByType text/css "access plus 1 year" + # Data interchange + ExpiresByType application/atom+xml "access plus 1 hour" ExpiresByType application/rdf+xml "access plus 1 hour" ExpiresByType application/rss+xml "access plus 1 hour" @@ -859,25 +834,33 @@ FileETag None ExpiresByType application/xml "access plus 0 seconds" ExpiresByType text/xml "access plus 0 seconds" + # Favicon (cannot be renamed!) and cursor images + ExpiresByType image/vnd.microsoft.icon "access plus 1 week" ExpiresByType image/x-icon "access plus 1 week" # HTML + ExpiresByType text/html "access plus 0 seconds" + # JavaScript + ExpiresByType application/javascript "access plus 1 year" ExpiresByType application/x-javascript "access plus 1 year" ExpiresByType text/javascript "access plus 1 year" + # Manifest files - ExpiresByType application/manifest+json "access plus 1 year" + ExpiresByType application/manifest+json "access plus 1 week" ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds" ExpiresByType text/cache-manifest "access plus 0 seconds" + # Media files + ExpiresByType audio/ogg "access plus 1 month" ExpiresByType image/bmp "access plus 1 month" ExpiresByType image/gif "access plus 1 month" @@ -889,6 +872,7 @@ FileETag None ExpiresByType video/ogg "access plus 1 month" ExpiresByType video/webm "access plus 1 month" + # Web fonts # Embedded OpenType (EOT) @@ -909,7 +893,9 @@ FileETag None # Web Open Font Format (WOFF) 2.0 ExpiresByType application/font-woff2 "access plus 1 month" + # Other + ExpiresByType text/x-cross-domain-policy "access plus 1 week" @@ -961,5 +947,5 @@ FileETag None RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule ^(.+)\.(\d+)\.(bmp|css|cur|gif|ico|jpe?g|js|png|svgz?|webp)$ $1.$3 [L] + RewriteRule ^(.+)\.(\d+)\.(bmp|css|cur|gif|ico|jpe?g|js|png|svgz?|webp|webmanifest)$ $1.$3 [L] diff --git a/test/fixtures/.well-known/test.html b/test/fixtures/.well-known/test.html new file mode 100644 index 00000000..6d02a584 --- /dev/null +++ b/test/fixtures/.well-known/test.html @@ -0,0 +1,10 @@ + + + + + test + + + test + + diff --git a/test/fixtures/test.webmanifest b/test/fixtures/test.webmanifest new file mode 100644 index 00000000..75ad96d9 --- /dev/null +++ b/test/fixtures/test.webmanifest @@ -0,0 +1,22 @@ +{ + "lang": "en", + "name": "Test", + "short_name": "Test", + "icons": [{ + "src": "icon/lowres", + "sizes": "64x64", + "type": "image/webp" + }, { + "src": "icon/hd_small", + "sizes": "64x64" + }, { + "src": "icon/hd_hi", + "sizes": "128x128", + "density": 2 + }], + "scope": "/", + "start_url": "/index.html", + "display": "fullscreen", + "orientation": "landscape", + "theme_color": "aliceblue" +} diff --git a/test/tests.js b/test/tests.js index 715dc8f2..bddbfdc7 100644 --- a/test/tests.js +++ b/test/tests.js @@ -469,6 +469,13 @@ exports = module.exports = { } }, + 'test.webmanifest': { + responseHeaders: { + 'cache-control': 'max-age=604800, no-transform', + 'content-type': 'application/manifest+json; charset=utf-8' + } + }, + 'test.webp': { requestHeaders: { 'origin': 'http://' @@ -515,13 +522,6 @@ exports = module.exports = { 'content-encoding': null, 'content-type': 'application/x-xpinstall' } - }, - - '.well-known/manifest.json': { - responseHeaders: { - 'cache-control': 'max-age=31536000, no-transform', - 'content-type': 'application/manifest+json; charset=utf-8' - } } } @@ -616,29 +616,6 @@ exports = module.exports = { statusCode: 403 }, - '.well-known/manifest.json': { - requestHeaders: null, - responseBody: - '{\n' + - ' "name": "test",\n' + - ' "icons": [{\n' + - ' "src": "icon/lowres",\n' + - ' "sizes": "64x64",\n' + - ' "type": "image/webp"\n' + - ' }, {\n' + - ' "src": "icon/hd_small",\n' + - ' "sizes": "64x64"\n' + - ' }, {\n' + - ' "src": "icon/hd_hi",\n' + - ' "sizes": "128x128"\n' + - ' }],\n' + - ' "start_url": "/start.html",\n' + - ' "display": "fullscreen",\n' + - ' "orientation": "landscape"\n' + - '}\n', - responseHeaders: null, - }, - '.well-known/.hidden_directory/': { responseHeaders: null, statusCode: 403 @@ -649,6 +626,22 @@ exports = module.exports = { statusCode: 403 }, + '.well-known/test.html': { + requestHeaders: null, + responseBody: + '\n' + + '\n' + + '\n' + + ' \n' + + ' test\n' + + '\n' + + '\n' + + ' test\n' + + '\n' + + '\n', + responseHeaders: null + }, + '.well-known/test/': { responseHeaders: null, statusCode: 403 @@ -856,26 +849,65 @@ exports = module.exports = { 'test.12345.cur': { responseHeaders: null }, + 'test.12345.gif': { responseHeaders: null }, + 'test.12345.ico': { responseHeaders: null }, + 'test.12345.jpeg': { responseHeaders: null }, + 'test.12345.jpg': { responseHeaders: null }, + 'test.12345.png': { responseHeaders: null }, + 'test.12345.svg': { responseHeaders: null }, + 'test.12345.svgz': { responseHeaders: null + }, + + 'test.12345.webp': { + responseHeaders: null + }, + + 'test.12345.webmanifest': { + requestHeaders: null, + responseBody: + '{\n' + + ' "lang": "en",\n' + + ' "name": "Test",\n' + + ' "short_name": "Test",\n' + + ' "icons": [{\n' + + ' "src": "icon/lowres",\n' + + ' "sizes": "64x64",\n' + + ' "type": "image/webp"\n' + + ' }, {\n' + + ' "src": "icon/hd_small",\n' + + ' "sizes": "64x64"\n' + + ' }, {\n' + + ' "src": "icon/hd_hi",\n' + + ' "sizes": "128x128",\n' + + ' "density": 2\n' + + ' }],\n' + + ' "scope": "/",\n' + + ' "start_url": "/index.html",\n' + + ' "display": "fullscreen",\n' + + ' "orientation": "landscape",\n' + + ' "theme_color": "aliceblue"\n' + + '}\n', + responseHeaders: null } }