Scott Helme
Scott Helme
It seems that https://code.jquery.com/ now recommends HTTPS.
@konklone ahh, apologies. That's a bit disappointing given they clearly support HTTPS :(
@kangaechigai The linked tweet says that HSTS was only turned on for the website and API, not the CDN assets which are hosted from the cdnjs.cloudflare.com subdomain. I'm not sure...
Most assets on CDNJS are loaded from `cdnjs.cloudflare.com` aren't they? the CDNJS preload entry doesn't apply to that domain and you can see that the particular subdomain on CloudFlare is...
Having had a bit more of a look around I can see what you mean. There is another mechanism in CSP that could allow these to be whitelisted with minimal...
@LeoColomb you could do this using the nonce mechanism quite easily without rewriting any code. All you need to do is insert the nonce into the CSP header and then...
@albocc yes, of course, but that doesn't have any requirement for them to rewrite existing code to accommodate it :-)
You can get ECDSA server certificates without any changes, which is what the thread linked was regarding. Do they accept ECDSA account keys?
I'm not sure that I agree it's better to host your own copy as that can result in a worse experience for the user in a few ways. Using an...
Ok, self hosting aside as that seems to have taken us off topic, we still need to depend on you guys to provide the hash. If we download a copy...