Add resource hints for reCAPTCHA #10616
Conversation
changelog: Internal, Spam Mitigation, Add resource hints to improve load speed for reCAPTCHA
Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
| '<https://www.google.com>;rel=preconnect', | ||
| '<https://www.gstatic.com>;rel=preconnect;crossorigin', |
There was a problem hiding this comment.
One thing I didn't check previously is whether it's valid to omit the quotes on the values here, since both Rails and related MDN resources include them.
I confirmed this in the relevant spec: https://httpwg.org/specs/rfc8288.html#header
The ABNF for the field value is:
Link = #link-value link-value = "<" URI-Reference ">" *( OWS ";" OWS link-param ) link-param = token BWS [ "=" BWS ( token / quoted-string ) ]Note that any link-param can be generated with values using either the token or the quoted-string syntax; therefore, recipients MUST be able to parse both forms. In other words, the following parameters are equivalent:
x=y x="y"
Adding on to my comment at #10612 (comment), this could be another micro-optimization if we wanted to fully control the resource hint header and optimize its size. Edit: Turns out, Rails omits them too!
There was a problem hiding this comment.
Also validated them as working in Safari (related blog post):
🛠 Summary of changes
Adds resource hints to the response headers when loading reCAPTCHA, to improve load times.
Related documentation: https://cloud.google.com/recaptcha-enterprise/docs/using-features#instrument-site
The changes here add the resource hints as a response header, which allow the browser to resolve the hint before parsing page markup.
📜 Testing Plan
Prerequisite: You'll need valid reCAPTCHA keys. In local development, you can use keys generated yourself with the free version of reCAPTCHA:
config/application.yml, adding your site and secret keysVerify response header is present on pages where reCAPTCHA is loaded:
<https://www.google.com>and<https://www.gstatic.com>entries