Don't rely on CDNs
What needs to be done?
Make Hubl serve its own assets, don't rely on CDNs.
Technical details
When loading a Hubl instance, data is loaded from
- …happy-dev.fr
- …cloudflare.com
- …coops.tech
- …hubl.world
- …jsdelivr.net
- …jspm.dev
- …jspm.io
- …lescanumeriques.fr
- …startinblox.com
- …unpkg.com
Some of which serve all kinds of JS assets that are potentially dangerous. Some people like to block untrusted domains (in my case, jsdelivr.net, unpkg.com, jspm.* are absolute no-go, the others need a manual validation, but that's my business :)), which makes the tool unusable. Can't we make Hubl serve its own assets?
Using CDNs is a good idea in an ideal world, but we are talking about the 2020 internet.
Test cases
- Install the "NoScript" extension in your browser (Chrome/Firefox, I don't know about others)
- Visit a Hubl instance
- Allow the current tab to load all JavaScript in NoScript
- Open the NoScript widget
- No CDN domain is contacted to get assets.
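The NoScript check above can be complemented by a static scan of the served HTML. The following is an added example, not part of the original issue or of Hubl's code: it lists every host other than the page's own that supplies scripts, styles, images or module imports. The sample page, the `hubl.example` host and the `example-*` package names are constructed for illustration.

```javascript
// Constructed sample page: hosts and paths are illustrative, not from a real Hubl instance.
const SAMPLE_HTML = `
<!doctype html>
<html>
<head>
  <link rel="stylesheet" href="/css/app.css">
  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/example-lib/dist/style.css">
  <script type="module" src="https://unpkg.com/example-core"></script>
  <script type="module">
    import { helper } from "https://jspm.dev/example-helper";
    import "./local.js";
  </script>
  <script src="//unpkg.com/example-router"></script>
  <script src="js/menu.js"></script>
</head>
<body><img src="https://hubl.example/logo.png"></body>
</html>`;

// Collect asset URLs from src/href attributes and from static imports
// inside inline <script> blocks (how ES-module CDNs are usually pulled in).
function assetUrls(html) {
  const urls = [];
  const attr = /<(?:script|link|img|iframe)\b[^>]*?\b(?:src|href)\s*=\s*["']([^"']+)["']/gi;
  const imp = /\bimport\s+(?:[^"'();]*?\bfrom\s+)?["']([^"']+)["']/g;
  for (const m of html.matchAll(attr)) urls.push(m[1]);
  for (const m of html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)) {
    for (const i of m[1].matchAll(imp)) urls.push(i[1]);
  }
  return urls;
}

// Map each third-party host to the asset URLs it serves for this page.
function thirdPartyAssets(html, pageUrl) {
  const page = new URL(pageUrl);
  const byHost = {};
  for (const raw of assetUrls(html)) {
    const u = new URL(raw, page); // resolves relative and protocol-relative URLs
    if (!/^https?:$/.test(u.protocol) || u.host === page.host) continue;
    (byHost[u.host] = byHost[u.host] || []).push(u.href);
  }
  return byHost;
}

const report = thirdPartyAssets(SAMPLE_HTML, "https://hubl.example/");
for (const host of Object.keys(report).sort()) {
  console.log(`${host}: ${report[host].length} asset(s)`);
}
```

An empty result is the static counterpart of the last test step; assets fetched dynamically at runtime are not visible to this scan, so the browser check is still needed.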