mrjones-plip
commented
4 months ago yay! Thanks for circling back to this @kennsippell \o/
Closed mrjones-plip closed 4 months ago
mrjones-plip
commented
4 months ago yay! Thanks for circling back to this @kennsippell \o/
Right now we include assets from both
unpkg.comandcdn.jsdelivr.net. I think we should remove these.If they go down, the app can't function (eg login breaks). Further, removing them improves our security posture without needing to implement a CSP (though CSP would be a good idea!).
Fix should be to just make a copy of the external assets to where ever our tool keeps static assets and update the code to use the local URL instead of 3rd part URL.