Add near-live refresh for CVE feed page #44074
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,7 +2,8 @@ | |
| {{ if ne $feed.version "https://jsonfeed.org/version/1.1" }} | ||
| {{ warnf "CVE feed shortcode. KEP-3203: CVE feed does not comply with JSON feed v1.1." }} | ||
| {{ end }} | ||
|
|
||
| <table class="security-cves" data-cve-feed-bucket="{{ .Site.Params.cveFeedBucket }}"> | ||
| <caption style="caption-side: top;">{{ T "cve_table" }} {{ printf (T "cve_table_date_format_string") ($feed._kubernetes_io.updated_at | time.Format (T "cve_table_date_format")) }}</caption> | ||
| <thead> | ||
| <tr> | ||
|
|
@@ -21,3 +22,43 @@ | |
| {{ end }} | ||
| </tbody> | ||
| </table> | ||
|
|
||
| <script> | ||
|
There was a problem hiding this comment. Consider incorporating this script into the header or footer of the page, loading conditionally based on the presence of the For guidance, refer to the tips provided at https://gohugo.io/templates/shortcode-templates/ and refer our existing layouts to see how we handle 'HasShortcode'. |
||
| window.addEventListener("DOMContentLoaded", () => { | ||
|
There was a problem hiding this comment. 💭 How about adding a refresh/fetch button in the corner of the table, alongside this auto-trigger logic of every 10 minutes? This button could be used explicitly to refresh the feed table data. |
||
| const table = document.querySelector("table.security-cves") | ||
| const cveFeedBucket = table.getAttribute("data-cve-feed-bucket") | ||
| const tbody = table.querySelector("tbody") | ||
| const cachedInnerHTML = tbody.innerHTML | ||
|
|
||
| const renderCVEs = (cves) => { | ||
| let tbodyHTML = "" | ||
| for (let cve of cves) { | ||
| tbodyHTML += `<tr> | ||
|
There was a problem hiding this comment. Additionally, we should also refresh the table caption when fetching new data, as it provides the timestamp indicating the last update of the CVE feed data. |
||
| <td><a href="${cve.url}">${cve.id}</a></td> | ||
| <td>${cve.summary}</td> | ||
| <td><a href="${cve.url}">#${cve["_kubernetes_io"].issue_number}</a></td> | ||
| </tr>` | ||
| } | ||
| return tbodyHTML | ||
| } | ||
|
|
||
| const fetchCves = () => { | ||
| fetch(cveFeedBucket) | ||
| .then(resp => resp.json()) | ||
| .then(content => { | ||
| tbody.innerHTML = renderCVEs(content.items) | ||
| }).catch(() => { | ||
| // If cannot fetch cves, show cached cves | ||
| tbody.innerHTML = cachedInnerHTML | ||
| }) | ||
| } | ||
|
|
||
| // run at page load | ||
| fetchCves() | ||
|
|
||
| // run every 10 mins | ||
| setInterval(() => { | ||
| fetchCves() | ||
| }, 10 * 60 * 1000) | ||
| }) | ||
| </script> | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the deploy preview (here), I've see following a CORS policy error:
Access to fetch at 'https://storage.googleapis.com/k8s-cve-feed/official-cve-feed.json' from origin 'https://deploy-preview-44074--kubernetes-io-main-staging.netlify.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.I'm hoping that this cross-site script error will be gone in the production build at kubernetes.io