localcdn with ssllabs enabled causes false sslab reading #28

Closed
opened 2 years ago by Tzatz · 2 comments
Tzatz commented 2 years ago

https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html

Take a quick look, enabled, then disabled;

I'm assuming your addon is adding a layer of privacy by filtering js and not downgrading tls and ssl connections.

https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html Take a quick look, enabled, then disabled; I'm assuming your addon is adding a layer of privacy by filtering js and not downgrading tls and ssl connections.
Poster

Image 1 with, image 2 without LocalCDN

Image 1 with, image 2 without LocalCDN
Owner

Thanks for your report.

The reason is very simple: jQuery cannot be loaded if LocalCDN is enabled because integrity and crossorigin attributes are set in the HTML source code. Therefore the website shows default values. The user doesn't see a warning, because Javascript can be executed in principle. You can see the warning if you deactivate Javascript completely.

If you activate the second switch, the attributes are removed and jQuery can be loaded by LocalCDN. Afterwards the correct results are displayed.

The same happens if you disable LocalCDN: the page loads jQuery from Cloudflare and displays the correct values.


Update 12 June 2020

If you have any questions, you are welcome to reopen this issue.

Thanks for your report. The reason is very simple: jQuery cannot be loaded if LocalCDN is enabled because integrity and crossorigin attributes are set in the HTML source code. Therefore the website shows default values. The user doesn't see a warning, because Javascript can be executed in principle. You can see the warning if you deactivate Javascript completely. If you activate the second switch, the attributes are removed and jQuery can be loaded by LocalCDN. Afterwards the correct results are displayed. The same happens if you disable LocalCDN: the page loads jQuery from Cloudflare and displays the correct values. ----- **Update 12 June 2020** If you have any questions, you are welcome to reopen this issue.
nobody closed this issue 2 years ago
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.