#223 treeherder.mozilla.org ugly or broken

Closed
opened 3 months ago by FoxSpectator · 3 comments

Why does this happen? Are sites supposed to break or change because of this extension.
https://treeherder.mozilla.org/#/jobs?repo=mozilla-release&searchStr=addon
I thought there will be no consequences.
Also what does >> sign mean between two versions in popup panel of extension? As in:
Bootstrap (CSS) (v4.4.1 » v4.5.3)
Is breakage caused by those "upgrades"? Maybe you must exclude all such rules?
Of course site fixes itself if I turn off extension on that site, but I still call that a bug.

Why does this happen? Are sites supposed to break or change because of this extension. https://treeherder.mozilla.org/#/jobs?repo=mozilla-release&searchStr=addon I thought there will be no consequences. Also what does >> sign mean between two versions in popup panel of extension? As in: Bootstrap (CSS) (v4.4.1 » v4.5.3) Is breakage caused by those "upgrades"? Maybe you must exclude all such rules? Of course site fixes itself if I turn off extension on that site, but I still call that a bug.
nobody added the
question/discussion
label 3 months ago
nobody commented 3 months ago
Owner

Why does this happen? Are sites supposed to break or change because of this extension.

You want to prevent with the extension that external resources are loaded from CDN. If the operator of a website specifies from which sources the resources may be loaded, then there may be problems. These are security features designed to prevent malicious code from being executed. (see Wiki -> 7. A website looks weird or cannot be used. If I deactivate LocalCDN, everything works. What is the problem?)

Also what does >> sign mean between two versions in popup panel of extension? As in: Bootstrap (CSS) (v4.4.1 » v4.5.3)

That's an upgrade and a core feature of LocalCDN. Usually the upgrades are not a problem, but there are crap frameworks that are not always backward compatible.

Why are upgrades necessary?
Technically, they are not necessary, but it's unnecessary to integrate all 150 different versions of jQuery when 99.9% of all websites can be covered with 5 versions. It saves disk space because extensions can only be 200 MB max. It can even increase security if websites don't update a certain framework with a bug/security vulnerability.

jQuery and Bootstrap are 2 frameworks that are not 100% backward compatible in their main version (e.g. Bootstrap v5.x, v4.x, ..).

Of course site fixes itself if I turn off extension on that site, but I still call that a bug.

In the source code of the reported website are crossorigin and integrity attributes. This prevents anyone from replacing anything. If you enable the HTML filter (Firefox only), then these attributes are removed and LocalCDN is allowed to replace the resources. Chromium based browsers don't allow to replace CSS style or fonts. For these browsers the extension must be disabled on this websites.

> Why does this happen? Are sites supposed to break or change because of this extension. You want to prevent with the extension that external resources are loaded from CDN. If the operator of a website specifies from which sources the resources may be loaded, then there may be problems. These are security features designed to prevent malicious code from being executed. (see [Wiki -> 7. A website looks weird or cannot be used. If I deactivate LocalCDN, everything works. What is the problem?](https://codeberg.org/nobody/LocalCDN/wiki/Home#7-a-website-looks-weird-or-cannot-be-used-if-i-deactivate-localcdn-everything-works-what-is-the-problem)) > Also what does >> sign mean between two versions in popup panel of extension? As in: Bootstrap (CSS) (v4.4.1 » v4.5.3) That's an upgrade and a core feature of LocalCDN. Usually the upgrades are not a problem, but there are crap frameworks that are not always backward compatible. **Why are upgrades necessary?** Technically, they are not necessary, but it's unnecessary to integrate all 150 different versions of jQuery when 99.9% of all websites can be covered with 5 versions. It saves disk space because extensions can only be 200 MB max. It can even increase security if websites don't update a certain framework with a bug/security vulnerability. jQuery and Bootstrap are 2 frameworks that are not 100% backward compatible in their main version (e.g. Bootstrap v5.x, v4.x, ..). > Of course site fixes itself if I turn off extension on that site, but I still call that a bug. In the source code of the reported website are crossorigin and integrity attributes. This prevents anyone from replacing anything. If you enable the HTML filter (Firefox only), then these attributes are removed and LocalCDN is allowed to replace the resources. Chromium based browsers don't allow to replace ~~CSS style or~~ fonts. For these browsers the extension must be disabled on this websites.
Poster

Thanks for perfectly explaining. I actually previously had problems with integrity and cors when I downloaded github wikis via httrack, and they looked ugly because could not load css, images, js... Then I via search and replace master replace those attributes and html files were fixed. Just did not know that chrome does not allow html filter, too bad. Looks like then that also my code injector extension's html injection feature is useless in chrome. CSS and JS are good tough. One more reason to switch to Firefox. The only reason I used Chrome was because it has one benefit over Firefox, and it is that it allow extensions like Save Page WE to access cache, so no need to redownload page when saving. In Firefox Save Page WE is at least 20x slower than in Chrome.

Thanks for perfectly explaining. I actually previously had problems with integrity and cors when I downloaded github wikis via httrack, and they looked ugly because could not load css, images, js... Then I via search and replace master replace those attributes and html files were fixed. Just did not know that chrome does not allow html filter, too bad. Looks like then that also my code injector extension's html injection feature is useless in chrome. CSS and JS are good tough. One more reason to switch to Firefox. The only reason I used Chrome was because it has one benefit over Firefox, and it is that it allow extensions like Save Page WE to access cache, so no need to redownload page when saving. In Firefox Save Page WE is at least 20x slower than in Chrome.
FoxSpectator closed this issue 3 months ago
nobody commented 3 months ago
Owner

You're welcome 😊

Just did not know that chrome does not allow html filter, too bad.

While webRequest.onHeadersReceived is supported by all current browsers, webRequest.filterResponseData() is unfortunately only supported by Firefox. A feature request exists since 2015

Sorry, that was not quite correct on my side. JavaScript and CSS injections are possible in Chromium, but Fonts are not: GitLab Issue #67

You're welcome :blush: > Just did not know that chrome does not allow html filter, too bad. While [webRequest.onHeadersReceived](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/onHeadersReceived#browser_compatibility) is supported by all current browsers, [webRequest.filterResponseData()](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/filterResponseData#browser_compatibility) is unfortunately only supported by Firefox. [A feature request exists since 2015](https://bugs.chromium.org/p/chromium/issues/detail?id=487422) Sorry, that was not quite correct on my side. JavaScript and CSS injections are possible in Chromium, but Fonts are not: [GitLab Issue #67](https://gitlab.com/nobody42/localcdn/-/issues/67)
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.