NthPortal
commented
6 years ago You can also potentially use a variety of fallback CDNs, and finally fall back to local if none of them work. haveibeenpwned does this
Closed dm520 closed 6 years ago
NthPortal
commented
6 years ago You can also potentially use a variety of fallback CDNs, and finally fall back to local if none of them work. haveibeenpwned does this
SethTisue
commented
6 years ago a pull request on this would be welcome
NthPortal
commented
6 years ago I don't know if or when I will have a chance to work on this, but the relevant html/js from haveibeenpwned.com (snapshot) which might be helpful and still allow the use of a CDN (because it saves a lot of bandwidth) is:
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js" integrity="sha384-rY/jv8mMhqDabXSo+UCggqKtdmBfd3qC2/KvyTDNQ6PcUJXaxK1tMepoQda4g5vB" crossorigin="anonymous"></script>
<script>(window.jQuery) || document.write('<script src="/scripts/jquery"><\/script>');</script>You can find the html snippet at the bottom of the page. See also "Edit 1" from this post: https://www.troyhunt.com/protecting-your-embedded-content-with-subresource-integrity-sri/
Edit: in summary, you attempt to load the resource via CDN, and if it's not there, write a script tag that adds the resource from a local path
NthPortal
commented
6 years ago Also, I don't know if Cloudflare works better for Chinese users. Any idea @dm520?
jvican
commented
6 years ago I'm sorry, closing was an accident. @NthPortal thanks for looking into this, it looks like we'll need some input from Chinese users to take a decision and test the implementation. /cc @hepin1989
Chinese users can't get to jquery。 https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js Please use the local server to store the jQuery file