Page MenuHomePhabricator

Tool "iabot" loads assets from google and hotjar
Open, NormalPublic

Description

https://tools.wmflabs.org/iabot/: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700
https://tools.wmflabs.org/iabot/: https://static.hotjar.com/c/hotjar-370938.js?sv=5
https://tools.wmflabs.org/iabot/: https://fonts.gstatic.com/s/roboto/v16/zN7GBFwfMP4uA6AR0HCoLQ.ttf
https://tools.wmflabs.org/iabot/: https://fonts.gstatic.com/s/roboto/v16/Hgo13k-tfSpn0qi1SFdUfaCWcynf_cDxXwCLxiixG1c.ttf
https://tools.wmflabs.org/iabot/: https://script.hotjar.com/modules-a9ff8fcffd36ded4c567239cd1a76fcf.js
https://tools.wmflabs.org/iabot/: https://vars.hotjar.com/rcj-99d43ead6bdf30da8ed5ffcb4f17100c.html
https://tools.wmflabs.org/iabot/: https://insights.hotjar.com/api/v1/client/sites/370938/visit-data?sv=5
https://tools.wmflabs.org/iabot/: https://insights.hotjar.com/api/v1/client/sites/370938/visit-data?sv=5
https://tools.wmflabs.org/iabot/: https://ws4.hotjar.com/api/v1/client/ws

Loading from external providers are discouraged. Please see parent tasks and J65.

For the fonts you can use https://tools-static.wmflabs.org/fontcdn/css?family=Roboto:300,400,500,700
I'm not sure about hotjar. It does not appear to be in cdnjs. You may want to host a copy yourself or use an alternative

Event Timeline

bd808 added a subscriber: bd808.Aug 7 2017, 3:59 AM

https://www.hotjar.com/ appears to be an external analytics site

Cyberpower678 triaged this task as Normal priority.Aug 8 2017, 4:07 PM
TheDJ added a subscriber: TheDJ.Mar 26 2018, 9:48 AM

Still unsolved. iabot is the number 9 violator in the csp-report
https://tools.wmflabs.org/csp-report/search?ft=iabot

Cirdan added a subscriber: Cirdan.Mar 26 2018, 11:50 AM
Cirdan added a comment.Jun 3 2018, 6:14 PM

For the record: In IABot 2.0, the only remaining external resource is Google Fonts, for which a replacement was given in the opening task.