Dear Hiroki,
Thank you for your article on SXG subresource prefetching.
https://web.dev/how-to-distribute-signed-http-exchanges/
Do you have a working example of this? I attempted to replicate the article, with an eye to using it to loading a service worker from another edge-distributed sxg file, however it does not download the subresource. I have included details below, in case that helps.
I would be very happy to convert my code into a minimal demo; a user would have to provide their own certificates but then they would have a fully working demo, if this can be fixed.
Best wishes, Max
## Details
I have an index.html and a .js file:
max@swift:~/projects/sxg-demo/v7 (0)$ head payload.html
<!DOCTYPE html>
<html lang="en">
<head>
<title>SXG Demo</title>
<link rel="prefetch" href="
https://winning.black/service-worker.js" as="script">
</head>
<body>
<h1>Look Ma, no weird URL</h1>
SUCCESS (0): head payload.html
max@swift:~/projects/sxg-demo/v7 (0)$ cat service-worker.js
console.log("Hey");
I create the sxg files as follows:
# First the subresource; I believe that this is completely standard...
gen-signedexchange \
-date "$(date +%Y-%m-%dT%H:%M:%SZ -d "24 hours ago")" \
-expire 48h \
-uri
https://winning.black/service-worker.js \
-content ./service-worker.js \
-certificate myOrigin-chain.pem \
-privateKey myOrigin.key \
-certUrl
https://demteam.org/cert/cert.cbor \
-validityUrl
https://winning.black/resource.validity.msg \
-o winning.black.service-worker.sxg
cp winning.black.service-worker.sxg /var/www/edge/
# Then the html, with the request header described in the article:
gen-signedexchange \
-date "$(date +%Y-%m-%dT%H:%M:%SZ -d "24 hours ago")" \
-expire 48h \
-uri
https://winning.black/hello.html \
-content ./payload.html \
-certificate myOrigin-chain.pem \
-privateKey myOrigin.key \
-certUrl
https://demteam.org/cert/cert.cbor \
-validityUrl
https://winning.black/resource.validity.msg \
-requestHeader "link: <
https://winning.black/service-worker.js>;rel=\"preload\";as=\"script\",<
https://winning.black/service-worker.js>;rel=\"allowed-alt-sxg\";header-integrity=\"$(sha256sum winning.black.service-worker.sxg | awk '{print $1}' | xxd -r -p - | base64)\"" \
-o winning.black.hello.sxg
cp winning.black.hello.sxg /var/www/edge/
# Finally, in NGINX, as per the article:
location /edge {
root /var/www/;
default_type "application/signed-exchange;v=b3";
add_header X-Content-Type-Options nosniff;
add_header link '<
https://demteam.org/edge/winning.black.service-worker.sxg>;rel="alternate";type="application/signed-exchange;v=b3";anchor="
https://winning.black/service-worker.js"';
}
# Testing:
- I visit the html sxg file:
https://demteam.org/edge/winning.black.hello.sxg
- The URL changes to winning.black and the HTML renders correctly
- The response headers are as expected:
Content-Type: application/signed-exchange;v=b3
link: <
https://demteam.org/edge/winning.black.service-worker.sxg>;rel="alternate";type="application/signed-exchange;v=b3";anchor="
https://winning.black/service-worker.js"
X-Content-Type-Options: nosniff
- However no attempt is made to download the service-worker.sxg, according to the nginx log at tail -n 30 /var/log/nginx/access.log or the chrome developer tab network view.