[wp-trac] [WordPress Trac] #31801: Use wordpress.org CDN for all hosted assets.
WordPress Trac
noreply at wordpress.org
Sat Jun 27 14:29:30 UTC 2015
#31801: Use wordpress.org CDN for all hosted assets.
--------------------------------+------------------------------
Reporter: peterwilsoncc | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: External Libraries | Version:
Severity: normal | Resolution:
Keywords: | Focuses: performance
--------------------------------+------------------------------
Comment (by dorianmuthig):
* Is inappropriate change
* Has security implications
As per comment on GitHub:
https://github.com/WordPress/WordPress/commit/81df9bffc5ffdda9cd7c16dadef21b574f9ee922#commitcomment-11859945
(most recent code change that is relevant to the issue described)
And suggestion from:
https://core.trac.wordpress.org/ticket/32552?cnum_edit=9#comment:10
>> Please make a change and do not load libraries from external sources.
This centralizes the failure point and enables the external provider to
track all visitors, or worse, inject code in a targeted manner via
referrer, domain, IP and public cookie matching. Please include these
resources locally with the wordpress installation and make using the local
copy the default. In case you'd like to provide users with the option to
use a CDN, please do it in a manner which allows and encourages those
managing multiple wordpress installations to 1. use their own, 2. verify
the script loaded is the right one (lazy load it with JavaScript and
verify a checksum) and 3. avoid leaking user's browser behavior to third
parties.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31801#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list