Use official site instead of googleapis.com to whitelist jQuery UI libs

RESOLVED WONTFIX

Status

--
minor
RESOLVED WONTFIX
4 years ago
3 years ago

People

(Reporter: TheOne, Assigned: TheOne)

Tracking

Details

(Whiteboard: [ReviewTeam:P4][libfail][contribute], URL)

We always tell developers that third party CDNs are not considered an official source for JS libraries.

Therefore, let's use http://code.jquery.com/ui/ instead of https://ajax.googleapis.com/ajax/libs/jqueryui/ to fetch jQuery UI files to be whitelisted.
What about http://jqueryui.com/? Is that non-official? Are the hashes different?
(Assignee)

Comment 2

4 years ago
Oh I pasted the link from the wrong tab. Of course I meant jqueryui.com (though I think the hashes will be the same). But let's use jqueryui.com anyways.

Thanks Jorge.
Whiteboard: [ReviewTeam] → [ReviewTeam][libfail]

Comment 3

4 years ago
Content of 'jquery.com'  & 'ajax.googleapis.com' are exactly the same (same hash)
So it doesn't matter which source is used.
hashes.txt has used above sources.

'jqueryui.com' on the other hand is different.

Please check out my answer in: bug 1063225
(Assignee)

Comment 4

4 years ago
(In reply to erosman from comment #3)
> Content of 'jquery.com'  & 'ajax.googleapis.com' are exactly the same (same
> hash)
> So it doesn't matter which source is used.
> hashes.txt has used above sources.

Yeah, but let's make the change anyway to be on the safe side.

> We always tell developers that third party CDNs are not considered an official source for JS libraries.

... so let's not do this ourselves.
(Assignee)

Updated

4 years ago
Assignee: nobody → mail
(Assignee)

Updated

4 years ago
Whiteboard: [ReviewTeam][libfail] → [ReviewTeam][libfail][contribute]

Comment 5

4 years ago
As I mentioned on IRC, Libraries are static and do not change over time. I think it is worthwhile considering to keep a local copy and generate Hashes from local files. It would greatly simplify jslibfetcher.py 

Using the http method, does not work for libraries that come in zip.

Just an ides ....
Whiteboard: [ReviewTeam][libfail][contribute] → [ReviewTeam:P4][libfail][contribute]
(Assignee)

Updated

4 years ago
Depends on: 1013413
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WONTFIX
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.