[Tools-implementation] Requiring Javascript for anything that needs login on the datatracker.
Robert Sparks <rjsparks@nostrum.com> Thu, 22 October 2020 18:27 UTC
Return-Path: <rjsparks@nostrum.com>
X-Original-To: tools-implementation@ietfa.amsl.com
Delivered-To: tools-implementation@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF12D3A0A6E for <tools-implementation@ietfa.amsl.com>; Thu, 22 Oct 2020 11:27:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.078
X-Spam-Level:
X-Spam-Status: No, score=-2.078 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4Yb9NKqKjWdt for <tools-implementation@ietfa.amsl.com>; Thu, 22 Oct 2020 11:27:55 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 474253A0A96 for <tools-implementation@ietf.org>; Thu, 22 Oct 2020 11:27:55 -0700 (PDT)
Received: from unescapeable.local ([47.186.30.41]) (authenticated bits=0) by nostrum.com (8.16.1/8.16.1) with ESMTPSA id 09MIRrQM037674 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for <tools-implementation@ietf.org>; Thu, 22 Oct 2020 13:27:53 -0500 (CDT) (envelope-from rjsparks@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1603391273; bh=mKDK8B57xhaMeYYlPS/nKOYf6/5DX0i60z0fL09mJDE=; h=To:From:Subject:Date; b=Y/L2a5bp9l9emr6vdq2JqfVioU2C9N1eRS2CXt/Bs9LarftSGFgySREuxerL/kUx/ ODFizNXjyeB9wjcWLAOZQWJPpb/ygEJil14LrMsDcugDdHJkMVVPogOsnZ+Jn2CtFn JltfTotdaL0jXh4qTiQjvq4unUW1wF9InLDNQM78=
X-Authentication-Warning: raven.nostrum.com: Host [47.186.30.41] claimed to be unescapeable.local
To: "tools-implementation@ietf.org" <tools-implementation@ietf.org>
From: Robert Sparks <rjsparks@nostrum.com>
Message-ID: <311060fe-463e-33ae-1dfd-3ebc951f8edf@nostrum.com>
Date: Thu, 22 Oct 2020 13:27:53 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Thunderbird/78.3.3
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/tools-implementation/izCOnlBdclTWhXUYXzKyzN7g_Hs>
Subject: [Tools-implementation] Requiring Javascript for anything that needs login on the datatracker.
X-BeenThere: tools-implementation@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Tools Implementation <tools-implementation.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tools-implementation>, <mailto:tools-implementation-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tools-implementation/>
List-Post: <mailto:tools-implementation@ietf.org>
List-Help: <mailto:tools-implementation-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tools-implementation>, <mailto:tools-implementation-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Oct 2020 18:27:57 -0000
I believe we are at a point that we need to lift (or at least significantly change) the requirement that most of our pages work without javascript. We already have many pages that have crossed that line - people who are doing anything really significant with the datatracker now need to allow javascript for things to function. As we start to try to further improve the speed of the datatracker one of the things we will want to look at is taking advantage of front-end frameworks like React (or at least following some of the same patterns for how they work). So I think we should start setting the expectation that for anything that requires you to login to the datatracker, you should expect to be running javascript. That moves the line for keeping pages functional without it to those things that you can do without logging in. A concrete example of where this will make a difference: Right now, it isn't immediately straightforward to cache results from the datatracker because we have a section on the page that is highly personalized to the logged in person (look at the menu under the logged in name). To blindly cache a page would cache things based on whoever was logged in as the cache was written. Someone else getting such a cached response would see a page with the wrong login (and other details in that menu). We can work around that, with some effort, by caching _parts_ of the page, mostly using template caching, but we have to be careful in that case to ensure that the parts that are cached are logged-in-user invariant, and be very careful with where the database reads happen. See https://trac.tools.ietf.org/tools/ietfdb/changeset/18625/trunk for a short example of the kind of care that has to be exercised. One path we could take that would let us more easily cache pages in a general fashion would be to move the rendering of the logged-in-user specific information into javascript, so that what pages return are login-invariant. The browser could then fetch and render the logged-in-user specific things. But that would require javascript, and would push the boundary of where javascript is required to "all pages where a user is logged in". RjS
- [Tools-implementation] Requiring Javascript for a… Robert Sparks
- Re: [Tools-implementation] Requiring Javascript f… Russ Housley