Closed
Bug 1063380
Opened 10 years ago
Closed 9 years ago
Use official site instead of googleapis.com to whitelist jQuery UI libs
Categories
(addons.mozilla.org Graveyard :: Add-on Validation, defect)
addons.mozilla.org Graveyard
Add-on Validation
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: TheOne, Assigned: TheOne)
References
()
Details
(Whiteboard: [ReviewTeam:P4][libfail][contribute])
We always tell developers that third party CDNs are not considered an official source for JS libraries. Therefore, let's use http://code.jquery.com/ui/ instead of https://ajax.googleapis.com/ajax/libs/jqueryui/ to fetch jQuery UI files to be whitelisted.
Comment 1•10 years ago
|
||
What about http://jqueryui.com/? Is that non-official? Are the hashes different?
Assignee | ||
Comment 2•10 years ago
|
||
Oh I pasted the link from the wrong tab. Of course I meant jqueryui.com (though I think the hashes will be the same). But let's use jqueryui.com anyways. Thanks Jorge.
Updated•10 years ago
|
Whiteboard: [ReviewTeam] → [ReviewTeam][libfail]
Content of 'jquery.com' & 'ajax.googleapis.com' are exactly the same (same hash) So it doesn't matter which source is used. hashes.txt has used above sources. 'jqueryui.com' on the other hand is different. Please check out my answer in: bug 1063225
Assignee | ||
Comment 4•10 years ago
|
||
(In reply to erosman from comment #3) > Content of 'jquery.com' & 'ajax.googleapis.com' are exactly the same (same > hash) > So it doesn't matter which source is used. > hashes.txt has used above sources. Yeah, but let's make the change anyway to be on the safe side. > We always tell developers that third party CDNs are not considered an official source for JS libraries. ... so let's not do this ourselves.
Assignee | ||
Updated•10 years ago
|
Assignee: nobody → mail
Assignee | ||
Updated•10 years ago
|
Whiteboard: [ReviewTeam][libfail] → [ReviewTeam][libfail][contribute]
As I mentioned on IRC, Libraries are static and do not change over time. I think it is worthwhile considering to keep a local copy and generate Hashes from local files. It would greatly simplify jslibfetcher.py Using the http method, does not work for libraries that come in zip. Just an ides ....
Updated•10 years ago
|
Whiteboard: [ReviewTeam][libfail][contribute] → [ReviewTeam:P4][libfail][contribute]
Updated•9 years ago
|
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
Updated•8 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•