core(preconnect): add warning if preconnect link is not used

[patrickhulce]

Summary
This PR adds a warning to the preconnect audit when the origin is found in a link[rel=preconnect] but still isn't being used. Usually it's because of a missing crossorigin but good to be aware of either way.

I'd also like to start ignoring origins that were discovered within ~300 ms or so of the main document since that's basically what preconnect would do anyway, but thought I'd bring that up for discussion first.

#6676 also suggested mentioning a limit on the number of preconnect origins in our help text. I think that makes sense but goes against our "it's all in the learn more link" stance. Others Ok with it?

Related Issues/PRs
fixes #5932 #6676

[wardpeet]

I'd also like to start ignoring origins that were discovered within ~300 ms or so of the main document since that's basically what preconnect would do anyway, but thought I'd bring that up for discussion first.

I actually like that we discard these records. Now your warning message isn't super helpful. If I read it I would add crossorigin to the preconnect tag and I'll see the same message pop up. Sometimes crossorigin helps but the urls listed in the bugs do not get fixed by slapping crossorigin on it.

[patrickhulce]

I actually like that we discard these records.

As in, you would like it if we started discarding ones started within the first 300 ms? :) Right now it's kinda strict at 50 ms.

Now your warning message isn't super helpful. If I read it I would add crossorigin to the preconnect tag and I'll see the same message pop up.

Good point, should we not mention it at all then just save it for the docs?

[wardpeet]

As in, you would like it if we started discarding ones started within the first 300 ms? :) Right now it's kinda strict at 50 ms.

not sure what the correct timing is on this :) i'm fine with whatever is correct

Good point, should we not mention it at all then just save it for the docs?

Yes indeed, maybe just point out that the preconnect fields had no effect and refer to docs

[paulirish]

Isn't #5932 pointing out we tell the user to preconnect even if they already are?

Seems like we have to exclude any currently preconnected origins from our recommendations, right?

[paulirish]

it does seem weird to do it both ways.

instead we could stick to the DOM methods and just new URL(href, finalUrl) for the normalized href.

Or just use the JS version and ditch the other.

[patrickhulce]

oh we're not doing it both ways it returns the JS way, it seems I never pushed up the removal of the dead code in case people screamed bloody murder about doing it in browser-executed js :)

[paulirish]

k. sg

[patrickhulce]

Isn't #5932 pointing out we tell the user to preconnect even if they already are?

Yes, but there's a common case where they have added it incorrectly so it's not being used (i.e. missing crossorigin). It seems like we have several options

1. Fail normally (what we do today)
2. Remove it from the list and don't say anything more
3. Remove it from the list and add a warning that we didn't see it being respected
4. Fail normally and add a warning that we didn't see it being respected.

This PR is 3, but sounds like you're a fan of 2?

[paulirish]

This PR is 3, but sounds like you're a fan of 2?

Hmmm. I guess I'm asking why we say ericbidelman.com should preconnect to https://fonts.googleapis.com.. He already has the preconnect reference (with crossorigin). And it basically looks like the preconnect works? Perhaps this line isn't being satisfied, but probably should be?

// filter out all resources where origins are already resolved
UsesRelPreconnectAudit.hasAlreadyConnectedToOrigin(record) ||	          

---

Also unfortunately our UI for warnings in opps is kinda ugly:

[paulirish]

should rename the file as well.

[patrickhulce]

done

[paulirish]

k. sg

[paulirish]

There's probably a difference between link elems in head vs body that will be important at some point, but for now we can ignore it.

[paulirish]

canonical too fwiw

[patrickhulce]

this is tracked by your issue now so I'll just remove anyway :)

[brendankenny]

canonical too fwiw

this is tracked by your issue now so I'll just remove anyway :)

we should split those bullet points up into the implementation steps

[paulirish]

Let's mention crossorigin here in the warning.

[paulirish]

I feel weird calling these links. A preconnect "reference"?

[patrickhulce]

@wardpeet and I discussed and he suggested removing the mention of crossorigin, I somewhat agree and given our other positions it makes some sense to keep it in the docs

Now your warning message isn't super helpful. If I read it I would add crossorigin to the preconnect tag and I'll see the same message pop up. Sometimes crossorigin helps but the urls listed in the bugs do not get fixed by slapping crossorigin on it.

[brendankenny]

• would it be terrible to do "A preconnect <link> was..." to make it clear what's being referenced?
• if not going to mention crossorigin, does the string var need a new name?
• "was not used" is kind of ambiguous. "was not used by the browser"? "was not able to be used by the browser"? followed? honored?
• Is there any more hint we can give about what went wrong?

[patrickhulce]

would it be terrible

nope sounds good

if not going to mention crossorigin, does the string var need a new name?

heh, yes, but hang on one sec

is kind of ambiguous

was not used by the browser SGTM

Is there any more hint we can give about what went wrong?

This is 99% a crossorigin problem IMO, since you and Paul both are on that side and that was my first instinct as well, I think it's worth going back :) sorry @wardpeet!

[patrickhulce]

He already has the preconnect reference (with crossorigin). And it basically looks like the preconnect works?

but he doesn't? :) he's preconnecting to https://fonts.gstatic.com/ not googleapis

[brendankenny]

any reason for this change?

[patrickhulce]

yeah I failed this test while I was working and the error message you get is useless, this way it shows you what audit details you actually did get back so you know where to go fix

[brendankenny]

• would it be terrible to do "A preconnect <link> was..." to make it clear what's being referenced?
• if not going to mention crossorigin, does the string var need a new name?
• "was not used" is kind of ambiguous. "was not used by the browser"? "was not able to be used by the browser"? followed? honored?
• Is there any more hint we can give about what went wrong?

[brendankenny]

move these two lines down below where they're used?

[patrickhulce]

sure, done

[brendankenny]

I think we settled(ish) on .js going forward?

[patrickhulce]

done

[brendankenny]

a rare useIsolation sighting!

[brendankenny]

link.crossOrigin

(we probably want to go with the same camel case for the artifact property as well?)

[patrickhulce]

good points, maybe I shouldn't bring in attributes I'm not using yet 😆

[brendankenny]

shouldn't these all be required since the browser will normalize to at least an empty string? Or we could have the gatherer explicitly drop '' in favor of undefined.

And from the spec/a quick test, crossorigin can be null | 'anonymous' | 'use-credentials' (the browser corrects anything else to `'anonymous')

[patrickhulce]

yeah, SGTM I'll change to match spec

[brendankenny]

travis failure is just needing to update this snapshot

[patrickhulce]

done

[brendankenny]

canonical too fwiw

this is tracked by your issue now so I'll just remove anyway :)

we should split those bullet points up into the implementation steps

[brendankenny]

This seems great and love the new artifact.

Smoke testing for the gatherer will follow when the other audits are moved to use this artifact, but any chance of getting a preconnect warning smoke test as well? We have one suggested preconnect origin in preload_style.css already, maybe we could add another and a failing <link rel="preconnect"> in the preload.html test page?

[patrickhulce]

any chance of getting a preconnect warning smoke test as well?

this one is trickier because it needs new origins, are you onboard for introducing external internet dependencies into the local smoke tests? I was holding off because of that, but I think a google fonts smoketest for this would the ideal test case since it's also what I imagine is the most common real-world scenario

[brendankenny]

this one is trickier because it needs new origins, are you onboard for introducing external internet dependencies into the local smoke tests? I was holding off because of that, but I think a google fonts smoketest for this would the ideal test case since it's also what I imagine is the most common real-world scenario

ha, maybe it is time to give up on that. We do have the two static_server ports so we can technically request from a different origin (used in e.g. fonts.html -> cors-fonts.css), but that still might not be a great setup.

An external dependency is also not as big a deal as it once was for e.g. testing on a plane since yarn smoke was split up into all its different parts, since you can route around bad internet access now.

I guess the big thing would be how flakey it would end up being. Ideally google fonts will be pretty reliable?

[patrickhulce]

We do have the two static_server ports so we can technically request from a different origin (used in e.g. fonts.html -> cors-fonts.css), but that still might not be a great setup.

Yeah but that's the one we're already using for real so we already ran out of origins to use for warnings! 😆

An external dependency is also not as big a deal as it once was

Yeah I agree here, I'll take the plunge

[brendankenny]

LGTM!

over to @paulirish

[brendankenny]

not worth the extra specificity?

[patrickhulce]

not totally sure which direction you're suggesting going :)

[brendankenny]

'anonymous'|'use-credentials'|null instead of just string|null. It might not buy us anything (maybe if we end up with a switch statement somewhere).

[patrickhulce]

oh gotcha, sure!

[wardpeet]

👏 sweet, looking good