driebit / ginger

Ginger: awesome semantic CMS built on Zotonic
http://ginger.nl
Apache License 2.0

Replace polyfill.io with fastly's alternative #737

Closed pasqu4le closed 1 month ago

pasqu4le commented 2 months ago

See the issue: OEI-128

For reference, see: https://sansec.io/research/polyfill-supply-chain-attack

robvandenbogaard commented 2 months ago

Isn't it better to refrain from directly linking to 3rd party libraries in this way? This moves the attack surface from a Chinese supplier to probably a party susceptible to surveillance from other sides ;)

pasqu4le commented 1 month ago

You are right, I didn't do it right away because I wasn't sure if we needed the service at all.

It turns out that we can remove it entirely, so I updated this PR now.