Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Trying to send 3rd party scripts over an SSL or SPDY connection is a hot topic these days.
Does proxying scripts from 3rd parties change the origin and sandboxing of scripts in the browser and introduce the risk of a compromised 3rd party being an attack vector?
If so, how can this be avoided?
Using 3rd party scripts is and has always been a security issue. Proxying does not change that.
Remember that all scripts run in the context of your page, regardless of their origin. That’s why using CDNs for libraries is possible in the first place. If someone compromised ajax.googleapis.com for example, the world might be in a lot of trouble.
The only difference is that you’ll bypass the mixed content security warning when proxying scripts from http hosts.
Copy, don’t proxy.