Luthor loads Bootstrap 5.1.3 from https://cdn.jsdelivr.net/, and doesn’t work if that domain is blocked e.g. via NoScript (the language selector is unusable). Please load the library from https://cdnjs.toolforge.org/ instead to avoid leaking users’ IP addresses to jsDelivr.
Description
Description
Details
Details
Related Changes in GitLab:
| Title | Reference | Author | Source Branch | Dest Branch | |
|---|---|---|---|---|---|
| Load Bootstrap from Toolforge CDNjs | toolforge-repos/luthor!1 | lucaswerkmeister | toolforge-cdnjs | master |
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Open | None | T133919 [EPIC] Protect end-user privacy by restricting non-consensual third-party browser interactions | |||
| Open | None | T130748 Add Content-Security-Policy header enforcing 3rd party web interaction restrictions to proxy responses | |||
| Open | None | T172065 Hunt for Toolforge tools that load resources from third party sites | |||
| Resolved | Ijon | T368833 Luthor loads JavaScript and CSS from third-party domain jsdelivr.net |
Event Timeline
Comment Actions
lucaswerkmeister opened https://gitlab.wikimedia.org/toolforge-repos/luthor/-/merge_requests/1
Load Bootstrap from Toolforge CDNjs
Comment Actions
abartov closed https://gitlab.wikimedia.org/toolforge-repos/luthor/-/merge_requests/1
Load Bootstrap from Toolforge CDNjs