Page MenuHomePhabricator
Create Task
Maniphest T321712

wikilovesbrasil.toolforge.org loads third-party content
Open, Needs TriagePublic
Actions

Description

I wasn't sure whether to report this here or in https://github.com/WikiMovimentoBrasil/wikilovesbrasil/issues

https://wikilovesbrasil.toolforge.org/ loads a lot of third-party content, violating user privacy. Please see T172065 for more information.

<link rel="preconnect" href="https://fonts.gstatic.com">
<link href='https://fonts.googleapis.com/css?family=Josefin+Sans' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
<link rel="stylesheet" href="/static/css/style.css" type='text/css'>
<link rel="shortcut icon" href="/static/images/favicon.ico">
<title>Brasil | Wiki Loves Brasil</title>

<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css">
<link rel="stylesheet" href="https://unpkg.com/leaflet@1.7.1/dist/leaflet.css">
<link rel="stylesheet" href="/static//css/bootstrap-side-modals.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"/>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/leaflet.locatecontrol/dist/L.Control.Locate.min.css"/>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/leaflet-easybutton@2/src/easy-button.css">

Related Objects
Search...

Event Timeline

Aklapper created this task.Oct 26 2022, 4:14 PM
Nintendofan885 subscribed.Oct 26 2022, 4:49 PM
Nintendofan885 added a comment.Oct 26 2022, 4:52 PM

CSP report

Ederporto added a comment.Oct 26 2022, 4:55 PM

Sorry, @Aklapper, but do you have any suggestion on how should I tackle this?

Nintendofan885 added a comment.EditedOct 26 2022, 5:02 PM

changed Google Fonts and jQuery to tools-static equivalents in https://github.com/WikiMovimentoBrasil/wikilovesbrasil/pull/3

Aklapper added a comment.Oct 26 2022, 6:17 PM

I don't know if https://unpkg.com/leaflet@1.7.1/dist/leaflet.css resembles https://tools-static.wmflabs.org/cdnjs/ajax/libs/leaflet/1.7.1/leaflet.min.css

Aklapper added a parent task: T172065: Hunt for Toolforge tools that load resources from third party sites.Oct 26 2022, 6:18 PM
Nintendofan885 added a comment.Oct 26 2022, 8:14 PM
In T321712#8347007, @Aklapper wrote:

https://github.com/WikiMovimentoBrasil/wikilovesbrasil/pull/4

I don't know if https://unpkg.com/leaflet@1.7.1/dist/leaflet.css resembles https://tools-static.wmflabs.org/cdnjs/ajax/libs/leaflet/1.7.1/leaflet.min.css

https://cdnjs.com/libraries/leaflet/1.7.1 links to https://github.com/Leaflet/Leaflet but it seems the GitHub version matches the one on UNPKG which is different to the one on cdnjs

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL