OpenSourceArk/Ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Decoupled asset hash calculation from package.json (#10774)

Browse Source 
refs https://github.com/TryGhost/Ghost/issues/9414
refs c9b95b4bbd

- Removed package version from asset hash calculation
- Package version doesn't introduce any value when calculating a hash because Date.now() provides enough randomization on its own
This commit is contained in:
Naz Gargol 2019-06-05 10:06:25 +02:00 committed by GitHub
parent 74d5bf3822
commit cb199b17b8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core/server/data/meta/asset_url.js
View File

@ -1,8 +1,7 @@
const crypto = require('crypto'),
config = require('../../config'),
imageLib = require('../../lib/image'),
urlService = require('../../services/url'),
packageInfo = require('../../../../package.json');
urlService = require('../../services/url');
/**
* Serve either uploaded favicon or default
@ -39,7 +38,7 @@ function getAssetUrl(path, hasMinFile) {
// Ensure we have an assetHash
// @TODO rework this!
if (!config.get('assetHash')) {
config.set('assetHash', (crypto.createHash('md5').update(packageInfo.version + Date.now()).digest('hex')).substring(0, 10));
config.set('assetHash', (crypto.createHash('md5').update(Date.now().toString()).digest('hex')).substring(0, 10));
}
// Finally add the asset hash to the output URL