StevenBlack / hosts

🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
MIT License
26.45k stars 2.2k forks

Unblock cdn.jsdelivr.net #2515

Closed MaxBroome closed 9 months ago

MaxBroome commented 9 months ago

Remove cdn.jsdelivr.net from hosts file.

This breaks theming for many common websites.

welcome[bot] commented 9 months ago

Hello! Thank you for opening your first issue in this repo. It’s people like you who make these host files better!

XhmikosR commented 9 months ago

@StevenBlack agreed this shouldn't have landed :/

hrasekj commented 9 months ago

This is nonsense. Eshop where I buy food for my dog stopped working. Why is this domain banned?

russeg commented 9 months ago

cdn.jsdelivr.net has been blocked and unblocked multiple times, maybe make a note about it.

jigante commented 9 months ago

Please cdn.jsdelivr.net shouldn't be in this list, this is a safe CDN used for example by default by Symfony "asset mapper" component and widely used for web development. Why was cdn.jsdelivr.net included in the blocklist?

StevenBlack commented 9 months ago

There is jsdelivr.com, but this cdn.jsdelivr.net is used starting recently to serve ads, lots of them, most notably for CNN.

I realize now that domain cdn.jsdelivr.net redirects to domain jsdelivr.com but plain-vanilla jsdelivr.net doesn't respond at all.

Just letting y'all know, jsdelivr.com is now being used to serve-up shit, and jsdelivr isn't cool anymore.

jimaek commented 9 months ago

Are you saying that CNN is pushing its ads to Github and NPM and serving them via jsDelivr? Because that's the only way to serve any content via cdn.jsdelivr.net. It's not a commercial CDN.

StevenBlack commented 9 months ago

This is removed in commit 10a16bb8 but I'm certainly not happy that jsdelivr is now a back-door for ads, too.

StevenBlack commented 9 months ago

One example from CNN, snagged last night.

https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/banner.js.

jimaek commented 9 months ago

That's not an ad, it's an open source project. https://www.npmjs.com/package/prebid-universal-creative https://github.com/prebid/prebid-universal-creative

I guess it's aimed to be used to serve ads, but it doesn't actually use jsDelivr to load them. It's the same as an adult website using an open source video player to load videos from their own storage.

StevenBlack commented 9 months ago

@jimaek this conclusion is nonsense. Of course it's used to serve ads.

Once CNN is visibly fully loaded, this rolls-by along with the hundreds of subsequent requests per minute that the enshittified web uses to continuously phone home and load new stuff.

"An open source project" on Github does not get a pass here.

jimaek commented 9 months ago

There are no ads served from cdn.jsdelivr.net. The only way to do that would be to actually push the banners, gifs, videos to an open github repo and serve them.

It's the same as saying that jsDelivr is a porn website because some porn sites load https://www.jsdelivr.com/package/npm/video.js from it.

I have nothing against adblocking, I use it myself, but I don't think it's fair to bash a free CDN designed to help open source developers to distribute their work. We don't do anything to support the "enshittification" of the web. We don't work with CNN and there is no abuse happening. They load an open JS framework from GitHub.

I hope you agree :)

tompointexe commented 9 months ago

So many domains have been badly blacklisted in the last update, please correct this.

devtimi commented 9 months ago

> Once CNN is visibly fully loaded, this rolls-by along with the hundreds of subsequent requests per minute that the enshittified web uses to continuously phone home and load new stuff.
>
> "An open source project" on Github does not get a pass here.

I agree with your assessment, but in this case it's that people are abusing the platform to slip their adware by DNS filters. Because jsdelivr is used for so much more good than bad, to me it's akin to the issue of trying to block YouTube ads with DNS. Everyone should definitely report the package as malware but the need here is for a file specific blocker.

Thank you for maintaining this list, I appreciate it greatly.
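
The granularity problem discussed in this thread, as an added example that is not part of the original issue or the project's code: a hosts file can only sink an exact hostname, while a URL-aware filter can target a single package path. The hosts sample, the `PATH_RULES` entry and the video.js CDN URL are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed hosts-format sample in the style of a sinkhole blocklist.
HOSTS_SAMPLE = """\
# constructed sample
127.0.0.1 localhost
0.0.0.0 cdn.jsdelivr.net   # the entry this issue asks to remove
"""

# Hypothetical path-level rule: (hostname, path prefix).
PATH_RULES = [("cdn.jsdelivr.net", "/npm/prebid-universal-creative@")]

URLS = [
    "https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/banner.js",  # from the thread
    "https://cdn.jsdelivr.net/npm/video.js/dist/video.min.js",  # constructed sample
    "https://www.jsdelivr.com/package/npm/video.js",  # from the thread
]

SINKS = {"0.0.0.0", "127.0.0.1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost"}

def parse_hosts(text):
    """Return hostnames mapped to a sink address; comments and local names are skipped."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in SINKS:
            blocked.update(h.lower() for h in fields[1:] if h.lower() not in LOCAL_NAMES)
    return blocked

def blocked_by_hosts(url, blocked):
    """A hosts file sees only the exact hostname, never the path."""
    return (urlsplit(url).hostname or "") in blocked

def blocked_by_path_rule(url, rules):
    """A URL-aware filter can match hostname plus path prefix."""
    parts = urlsplit(url)
    return any(parts.hostname == h and parts.path.startswith(p) for h, p in rules)

def compare(urls=URLS):
    """Return (url, blocked by hosts entry, blocked by path rule) for each URL."""
    blocked = parse_hosts(HOSTS_SAMPLE)
    return [(u, blocked_by_hosts(u, blocked), blocked_by_path_rule(u, PATH_RULES)) for u in urls]

if __name__ == "__main__":
    for url, by_hosts, by_path in compare():
        print(f"hosts={by_hosts!s:5} path_rule={by_path!s:5} {url}")
```

The hosts entry blocks both cdn.jsdelivr.net URLs, including the unrelated library, and leaves www.jsdelivr.com untouched because hosts matching is per exact hostname; the path rule blocks only the one package.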

thomasbnt commented 9 months ago

Oh thanks!

april83c commented 9 months ago

This breaks any website using https://newcss.net/ through jsdelivr as recommended by their documentation, including one of my websites.

I understand that it hosts some libraries that may be used to serve ads, but that doesn't mean you should block the entire CDN! It has lots of legitimate uses and users.

goproslowyo commented 9 months ago

Exactly the same problem that happened in https://github.com/StevenBlack/hosts/issues/2514 -- it's becoming clear that it's getting harder and harder to trust the maintainers of this list anymore.

EDIT: There's so many examples of arbitrary websites being blocked if you go through closed issues lately (https://github.com/StevenBlack/hosts/issues/2516). I've removed this list from pfSense firewall so my users don't experience most of the web being broken for no reason until the maintainers can get their act together. And listen, don't get me wrong I appreciated the effort to maintain the aggregated list here, but this is becoming nonsense.

tarvcode commented 9 months ago

Yep, blocking cdn.jsdelivr.net makes the search bar on rottentomatoes disappear.

rotj commented 9 months ago

> Exactly the same problem that happened in #2514 -- it's becoming clear that it's getting harder and harder to trust the maintainers of this list anymore.

Yeah, I get that mistakes happen. But the maintainer's response here of fixing this under protest gives me pause. Like they're willing to break hundreds of popular websites as long as they can break ad delivery somewhere.

devtimi commented 9 months ago

As I mentioned above, if this affected you please report the npm package as malware. If npm allows this behavior they become complicit in the abuse of their platform, and jsdelivr legitimately becomes an ad server worth blocking.

bajere commented 9 months ago

> As I mentioned above, if this affected you please report the npm package as malware. If npm allows this behavior they become complicit in the abuse of their platform, and jsdelivr legitimately becomes an ad server worth blocking.

I have also reported it. Redoc is now busted.