MACscr
commented
9 years ago Huh? I dont think you understand that by using //, it uses whatever http or https you are using. // is the correct way to do things.
Open AlbertoDiazC opened 9 years ago
MACscr
commented
9 years ago Huh? I dont think you understand that by using //, it uses whatever http or https you are using. // is the correct way to do things.
lkraav
commented
9 years ago @MACscr is correct, this is a non-issue
AlbertoDiazC
commented
9 years ago The point is force the use of https, as cloudflare support it. If plain http is used, the door is open for XSS attacks, which would fail in the https scenario.
MACscr
commented
9 years ago Why in the world would you make this script open to the public where XSS would even be an issue? https doesn't automatically solve XSS. Here is crazy idea, simply adjust the code for your individual need. Its a single file. Not hard. https is not always needed and it's senseless to have it enabled all the time. You can even put the js files local if you really want to.
Change src="//cdnjs.cloudflare.com/ajax/libs/d3/3.0.1/d3.v3.min.js" src="//cdnjs.cloudflare.com/ajax/libs/jquery/1.11.0/jquery.min.js" for src="https://cdnjs.cloudflare.com/ajax/libs/d3/3.0.1/d3.v3.min.js" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.0/jquery.min.js"