use https for external resources #34
Comments
|
Huh? I dont think you understand that by using //, it uses whatever http or https you are using. // is the correct way to do things. |
|
@MACscr is correct, this is a non-issue |
|
The point is force the use of https, as cloudflare support it. If plain http is used, the door is open for XSS attacks, which would fail in the https scenario. |
|
Why in the world would you make this script open to the public where XSS would even be an issue? https doesn't automatically solve XSS. Here is crazy idea, simply adjust the code for your individual need. Its a single file. Not hard. https is not always needed and it's senseless to have it enabled all the time. You can even put the js files local if you really want to. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Change
src="//cdnjs.cloudflare.com/ajax/libs/d3/3.0.1/d3.v3.min.js"
src="//cdnjs.cloudflare.com/ajax/libs/jquery/1.11.0/jquery.min.js"
for
src="https://cdnjs.cloudflare.com/ajax/libs/d3/3.0.1/d3.v3.min.js"
src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.0/jquery.min.js"
The text was updated successfully, but these errors were encountered: