No Milestone
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: nobody/LocalCDN#732
Loading…
Reference in new issue
There is no content yet.
Delete Branch '%!s(<nil>)'
Deleting a branch is permanent. It CANNOT be undone. Continue?
Hi, according to arkenfox's wiki
Is this correct and one doesn't need to use LocalCDN in FPI/dFPI mode?
Hi, good question 👍
From my point of view, it makes sense and you should use both. The reason is that they are two different things. FPI and dFPI isolating external resources on the client side. But it doesn't prevent anything that happens on the server side and it doesn't prevent the request itself.
You can use both together and in cases where LocalCDN can't work (e.g. SOP), you have (d)FPI as a kind of fallback.
Additionally: The fact that many websites use external scripts makes these CDNs a highly potential target for attacks. There has been a case where a malicious script was injected into the CDN system (July 2021 - www.bleepingcomputer.com).
Ok, if using FPI/dFPI doesn't prevent the server side call/(or rather "home calls"), then arkenfox's wiki should be more precise and LocalCDN is not
Don't Bother....The security aspect if a CDN is hacked is a nice side effect.
Regarding SOP, is there a way to have automatically a popup/messagebox appear when a
Cross-Origin Request Blocked: The Same Origin ...error appears in the console log, so one knows instantly that a website isn't working correctly? Otherwise one has to look consciously at the console log all the time when visiting a website to see for errors.Yes, I think so too. On the other hand, I wouldn't recommend this extension to everyone, because a user should know what's going on.
Unfortunately not, because this is a security feature and as far as I know isn't triggered by the browser tab but by the browser itself. As far as I know, an extension doesn't have access to that.
The SOP problems should be rare by now because there was a great change in Firefox 89.0a1 (see #369). Personally, I haven't had any SOP errors for a long time, but that doesn't have to be true for everyone because browsing behavior is extremely individual.
Was following https://bugzilla.mozilla.org/show_bug.cgi?id=1419459, but I see there's https://bugzilla.mozilla.org/show_bug.cgi?id=1694679, which indeed is great.
I think im going to open an issue regarding their
Third parties are already isolated if you use FPI/dFPIstatement, because the main purpose of LocalCDN is to prevent calls to certain CDN servers (if the CDN is in the mappings file) and keeping calls local, which FPI/dFPI does not do.Feel free to do that 👍
Maybe the already existing Issues are helpful:
https://github.com/arkenfox/user.js/issues?q=is%3Aissue+localcdn
Nothing under the already existing issues, but thanks for the suggestion.
Conclusion: Their wiki is completely incorrect on this issue (can you believe it, so many stars there, but can't get their wiki right. Who knows what else isn't right, say, their main one,
user.js).I'm closing this issue as it's clear now and FPI/dFPI doesn't prevent CDN connections, but LocalCDN does (only to those CDNs, who are in the mappings file (mentioning this one extra, because some people may think that it covers all CDNs)).
Thanks again.
Thanks for trying to correct this. I've read the wiki and the issues. They recommend to use uBlock in hard mode (Enumerating Goodness) and allow the CDN connections manually and individually. In the issue he writes:
That's contradictory in my opinion.
Anyway, there will be always people who think that one is better than the other. Extensions are a sensitive topic (similar to browsers, operating systems or systemd). There will never be a perfect way and the user must find the best possible solution for himself and for his individual case.