View Issue Details

IDProjectCategoryView StatusLast Update
0019932mantisbtperformancepublic2016-06-05 19:24
Reportervboctor Assigned Tovboctor  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Target Version1.3.0-beta.3Fixed in Version1.3.0-beta.3 
Summary0019932: Load jquery from CDN
Description

We should support loading jQuery from CDN by default and provide a configuration option to revert to local version.

See sources at:
https://developers.google.com/speed/libraries/#jquery

This should at least improve first load performance.

TagsNo tags attached.

Relationships

related to 0013285 closedsyncguru Move script inclusions from HEAD to document footer 

Activities

atrol

atrol

2015-07-14 13:02

developer   ~0051067

Last edited: 2015-08-16 06:05

Pros/Cons

  • performance, especially in a scenario like MantisHub
  • performance in intranet scenario (latency)
  • decreased availability, a fallback should be implemented [1]
  • decreased security

Side notes

  • Don't forget to add the CDN to our CSP header
  • Always use HTTPS to access the CDN

I prefer to have the default setting for CDN usage to OFF.
Setting it to ON will break some existing installations when upgrading.
Setting it to ON will not work for all scenarios of new installations.

[1] http://weblogs.asp.net/jongalloway/using-cdn-hosted-jquery-with-a-local-fall-back-copy

dregad

dregad

2015-08-02 18:05

developer   ~0051181

This sounds like a good idea, but I'm also tempted to say that the default setting should be OFF.

We also need to decide which CDN(s?) we want to use/propose.

Finally, this needs to be carefully integrated and tested with CSP.

Thanks Roland for the research, particularly that interesting article on fallback which is something I definitely think we should do.

vboctor

vboctor

2015-08-15 02:14

manager   ~0051259

PR: https://github.com/mantisbt/mantisbt/pull/633

syncguru

syncguru

2015-08-16 14:14

developer   ~0051270

Few years ago, I would have thought OFF is a good choice .. but not anymore.

1- CDNs are very common now due to perf improvement - Popular page speed tools (i.e. YSlow, Google page speed ..etc) strongly recommend using CDNs for few years now. Amazon CloudFront is commonly used to implement very cheap CDNs
2- Public CDNs for popular libraries are not that many - we are talking about Google, Microsoft & MaxCDN (for bootstrap)
3- Practically speaking, we can only use CDNs for JQuery, JQueryUI & Bootstrap - that's it
4- The cons mentioned above serve very special cases while sacrificing the benefits for the most cases. I would argue that 99% will be affected negatively to the benefit of only 1% - If you have better metrics, please share.
5- Environments with no internet access are aware of their limitations ... they are prepared to make config changes.
6- I would challenge 'decreased security' argument.

dregad

dregad

2015-08-17 03:29

developer   ~0051278

99% will be affected negatively to the benefit of only 1% - If you have better metrics, please share.

82.7% of statistics are made up on the spot ? ;-)

Considering that we have virtually no data on MantisBT usage in the real world, I could challenge where you got your figures from, but I don't think this is worth discussing.

My point for default = OFF is that not using CDN and downloading from MantisBT server is guaranteed to work in every single scenario (even though it may cause degraded performance compared to CDN), whereas using a CDN may not.

atrol

atrol

2015-08-17 03:42

developer   ~0051279

We might start endless discussions if we want to consider all possible pros/cons, e.g.
http://www.sitepoint.com/7-reasons-not-to-use-a-cdn/
http://htmlcheats.com/cdn-2/6-reasons-use-cdn/
https://thethemefoundry.com/blog/why-we-dont-use-a-cdn-spdy-ssl/
...

I think there is just one solution that would work for all:
Let the user decide when installing/upgrading the system and write the result to config_inc.php.
Default should be OFF, as we should not introduce regressions and we should not introduce access to other servers behind our users back.

vboctor

vboctor

2015-08-17 11:37

manager   ~0051282

I've merged the change with default OFF for now. If we agree later to turn it ON, then we can do a follow up checkin. We can also decide to start OFF in 1.3 and turn ON in 2.0.

Feel free to continue the discussion.

atrol

atrol

2015-08-17 16:22

developer   ~0051287

I am not sure if cdn_enabled should be in list $g_global_settings.
AFAIK we don't have a clear rule for it.

vboctor

vboctor

2015-08-18 23:33

manager   ~0051291

Relating to ability to have database overrides, I use the following logic:

Let's assume we have two roles:

  • Sysadmin/Hoster - e.g. MantisHub hosting for users or a sysadmin hosting MantisBT for a team. The sysadmin/hoster have access to the php files, web server, etc. But may not event have a login to MantisBT itself.
  • Administrator This is the MantisBT administrator with full access to do everything within the web app, but not able to change the php scripts, the php config scripts, etc.

In this case, I expect CDN to be an option for the Sysadmin/hoster and not one for the MantisBT administrator, and hence, I would add it to global settings and use config_get_global to get it. Hence, I would make a follow up change for this.

A bad example that we have today is default_timezone. At the moment, administrators are able to set it, but code looks at the global config, hence, it doesn't really work as expected.

Does this make sense as a way to reason about this?

atrol

atrol

2015-09-13 10:16

developer   ~0051455

Does this make sense as a way to reason about this?
Makes sense

BTW, I just enabled CDN for https://www.mantisbt.org/bugs

Related Changesets

MantisBT: master 5414ba9a

2015-08-14 22:12

vboctor


Details Diff
Load jquery from CDN

This is to improve performance for the following reasons:

- Browser loads more in parallel due to loading from different servers.
- CDN libraries likely to be already cached as it is referenced by other websites / web apps.
- CDN will deliver lower latencies with the possible exception of intranet.

Fixes 0019932
Affected Issues
0019932
mod - config_defaults_inc.php Diff File
mod - core/html_api.php Diff File
mod - core/http_api.php Diff File
mod - docbook/Admin_Guide/en-US/config/html.xml Diff File

MantisBT: master 0a45b7b1

2015-08-15 09:01

vboctor


Details Diff
Use protocol-less urls to reference CDN

Fixes 0019932
Affected Issues
0019932
mod - core/html_api.php Diff File
mod - core/http_api.php Diff File

MantisBT: master fc9a3320

2015-08-15 09:05

vboctor


Details Diff
Use constants for jQuery and jQueryUI versions

Fixes 0019932
Affected Issues
0019932
mod - core/constant_inc.php Diff File
mod - core/html_api.php Diff File

MantisBT: master 958d28bc

2015-08-18 22:43

vboctor


Details Diff
Revert "Use protocol-less urls to reference CDN"

Protocol-less urls were causing the CSP to fail.

This reverts commit 0a45b7b1b375fdc088cdbbc9908928755362c756.

# Conflicts:
# core/html_api.php
Affected Issues
0019932
mod - core/html_api.php Diff File
mod - core/http_api.php Diff File

MantisBT: master aa9b4f8a

2015-08-18 23:44

vboctor


Details Diff
Mark cdn_enabled as global setting

Issue 0019932
Affected Issues
0019932
mod - config_defaults_inc.php Diff File
mod - core/html_api.php Diff File
mod - core/http_api.php Diff File

MantisBT: master e753cca6

2016-05-23 11:54

dregad


Details Diff
Use JQUERY_VERSION constant in install.php

Commit fc9a3320815f8341236cb7bf0c41855227a3c8c3 missed one occurence of
jQuery version number.

Issue 0019932
Affected Issues
0019932, 0021059
mod - admin/install.php Diff File