21 Home
nobody edited this page 1 week ago

Welcome to the LocalCDN Wiki!

LocalCDN is a web browser extension for your Firefox that emulates CDNs (Content Delivery Networks). It intercepts the network traffic between a website and remote CDNs, finds supported resources locally, and injects them into the environment. All of this happens automatically, so no prior configuration is required.


Note: You can open these triangles:

CDNs



Here are some of the most frequently asked questions:

  1. Which CDNs and frameworks are supported exactly? Where can I check this?
  2. Can I use this extension in my Chrome Browser?
  3. Can I see which frameworks are requested by a website? Can this extension also logging?
  4. My native language is not fully supported. Some of the content is in English. Can I translate that somewhere?
  5. You recently changed something in the code and I would like to test it. How can I do that?
  6. Why do I need this rule generator? I use an adblocker and want to import these rules. How does it work?
  7. A website looks weird or cannot be used. If I deactivate LocalCDN, everything works. What is the problem?
  8. Please add the framework ____
  9. I have installed some other extensions. Can I install LocalCDN? Is it compatible?
  10. In the screenshots I see the Dark Mode. How can I activate that?
  11. Can I check if LocalCDN really works?
  12. LocalCDN is not recommended by Mozilla. Is it safe to use this extension?
  13. Can I use LocalCDN in Firefox for Android (Fenix)?
  14. I don’t know your name. How can I trust you?
  15. What do you think about Black-Lives-Matter?
  16. Do you have an overview of all donations and expenses?

1. Which CDNs and frameworks are supported exactly? Where can I check this?

LocalCDN is Open Source so you can of course check out the code. You can either download the extension manually here (right click and ‘Save as..') or you can check the following sections:

CDNs CDNs (Develop branch)
ajax.googleapis.com
ajax.aspnetcdn.com
ajax.microsoft.com
cdnjs.cloudflare.com
code.jquery.com
cdn.jsdelivr.net
fonts.googleapis.com
yastatic.net
yandex.st
apps.bdimg.com
libs.baidu.com
cdn.staticfile.org
cdn.bootcss.com
mat1.gtimg.com
lib.sinaapp.com
upcdn.b0.upaiyun.com
stackpath.bootstrapcdn.com
maxcdn.bootstrapcdn.com
netdna.bootstrapcdn.com
use.fontawesome.com
ajax.cloudflare.com
akamai-webcdn.kgstatic.net
gitcdn.github.io
sdn.geekzu.org
ajax.proxy.ustclug.org
unpkg.com
pagecdn.io
cdn.css.net
cdnjs.loli.net
ajax.loli.net
fonts.loli.net
lib.baomitu.com
cdn.bootcdn.net
CDNs
Frameworks (main branch) Frameworks (develop branch)
You can find the included frameworks/libraries in
https://codeberg.org/nobody/LocalCDN/src/branch/main/core/resources.js
and
https://codeberg.org/nobody/LocalCDN/src/branch/develop/core/resources.jsFrameworks

2. Can I use this extension in my Chrome Browser?

Yes, it’s possible. For publishing you need a Google Account. I don’t have one and don’t want one 😉 But Emanuel Bennici takes the source code and publish LocalCDN in the Chrome Web Store.

There are some restrictions for Chrome and Chromium based browsers. While both browsers support the WebExtensionsAPI, there are still differences. Chromium unfortunately doesn’t support all the cool features of LocalCDN.

Open Chromium incompatibilities

3. Can I see which frameworks are requested by a website? Can this extension also logging?

Of course, but logging is disabled by default.

3.1. Enable logging

Enable logging

3.2. Get logging informations

Open “Browser Console” with CTRL + SHIFT + J or the menu

Get logging informations Get logging informations

3.3. Enable “Show Content Messages” and use the filter

Enable “Show Content Messages” and use the filter Enable “Show Content Messages” and use the filter

Open instructions

4. My native language is not fully supported. Some of the content is in English. Can I translate that somewhere?

Yes you can and that would make me and other users very happy. LocalCDN uses the Open Source tool ‘Weblate’ for this. You can register there and start directly or you can make suggestions (without registration). I will accept them as soon as possible.


5. You recently changed something in the code and I would like to test it. How can I do that?

That would be great.

⚠️ Please use a different user profile (about:profiles) for this, because your previous settings will be deleted when you remove the temporary extension ⚠️

Follow these links or watch the video:


6. Why do I need this rule generator? I use an adblocker and want to import these rules. How does it work?

Your adblocker must forward the traffic to LocalCDN so that LocalCDN can detect the requests and replace them with local resources.

If you are using an adblocker (uBlock Origin, uMatrix or AdGuard) you can generate some rules in the LocalCDN settings. Please remember that these rules have to be inserted manually into your adblocker.

For uBlock Origin the following also applies: These rules are only relevant in “Medium Mode”. They are not supported in Easy Mode or default settings. For more information, please visit the uBlock Origin Wiki.


7. A website looks weird or cannot be used. If I deactivate LocalCDN, everything works. What is the problem?

There are different reasons for this. Either it is caused by missing frameworks or the HTML filter.

In some cases the layout of a website is broken, even the add-on is working.

The problem isn’t caused by CDNs, any frameworks or LocalCDN, but of the website that includes the external JavaScript/CSS file. In the console of your browser (Ctrl + Shift + K) you can find error messages like this:

SOP error in browser console

At the moment I haven’t found a way to fix this, because the SOP (Same Origin Policy) is a security feature:

The same-origin policy is a critical security mechanism that restricts how a document or script loaded from one origin can interact with a resource from another origin. It helps isolate potentially malicious documents, reducing possible attack vectors.

A bugreport already exists, but with the lowest priority. See Bugzilla #1419459

More informations about SOP (Same-origin policy)

--

I created a small test tool to check the header for a CSP:

https://www.localcdn.org/test/cspcheck

Update 2020-05-30 (LocalCDN v2.2.5)

The DOM manipulation is no longer activated by default, but must be manually activated by the user for each page. If it is active, display problems can still occur.

Update 2020-05-21 (LocalCDN v2.2.2)

The encoding problem should be solved with v2.2.2

Update 2020-05-10 (LocalCDN v2.2.0)

In many cases this has been fixed by modifying the HTML source code of a website. This results in minimal extended loading times when a web page is called, but this should not be noticeable.

However, there are still some websites which use strict SOPs and still cause problems because the SOP problem still exists.

Missing frameworks

When you get a blank web page, this may be caused by LocalCDN. If the page loads when you disable LocalCDN, please open an issue and tell me the URL.

As you may know, LocalCDN modifies the HTML source code. There are a lot of charsets, so that a computer can read and display text with special characters. UTF-8 should actually be a standard. Unfortunately, there are some websites that use a different charset. This charset is communicated to your browser in different ways and a lot of this has already been taken into account in LocalCDN. If there are problems, just open an issue and I’ll take a look at this websites.

Unfortunately, there are too many websites that you can test all of them.

Use cases for LocalCDN:

  1. websites without frameworks
  2. websites with frameworks and a strict SOP/CORS
  3. websites with frameworks, without SOP/CORS/attributes*
  4. websites with frameworks, with attributes*

*) crossorigin and/or integrity attributes

What can LocalCDN do:

  1. Nothing
  2. Nothing
  3. Replace
  4. Filter and replace

normally you have to split the fourth case:

4a) Websites without user input

4b) Websites with user input and UTF-8 charset

4c) Websites with user input and non-UTF-8 charset

Considering these cases, the filter will only work in cases 4a and 4b. The user input could cause errors or the database* would contain corrupted data if a database* behind cannot handle a different charset. This can happen because the frontend uses e.g. ISO-8859-1 and nobody expects this.

*) database or any other service behind

⚠️ Errors ⚠️

There can be always character errors, although e.g. the website uses UTF-8 and defines this in the header and/or source code. See here: Issue#53. I don’t prefer to activate the HTML filter permanently, but only when necessary. You have to disable the HTML filter for the affected web page.

Issues or questions about the HTML filter option

Useful information about charsets

HTML filter

8. Please add the framework ____

Someone asked if I can add a specific framework. First of all, LocalCDN emulates CDNs to improve your online privacy and prevent cross-site profiles about you and your habits. When a website hostes these frameworks itself, then this is okay for privacy. You have no privacy advantages if you exchange the frameworks that are stored locally on the web server. The operator knows you anyway, e.g. Youtube, Twitter, Facebook and Discus. They always knows which page you are currently using.

Google Fonts will not be integrated, because this is not necessary to display a web page. If the web page includes Google Fonts and you block them by uBlock, the browser will use the default font instead. Apart from the fact that in my opinion it is not necessary, it is technically not possible to include all Google Fonts. The complete package of all Google Fonts is uncompressed 950 MB (compressed 390 MB in size. Just have a look into this folder. Extensions have a limitation of 200 MB. So you have to check all Google Fonts, which is popular and which should be included and which not. I don’t want to do that.

Youtube doesn’t include any external framework and Twitter is using an own CDN (abs.twimg.com). When you’re using one of them only “passive”, you can try “Invidious” or “Nitter”, that’s an alternative front-end without 3rd party scripts and CDNs. When you use Youtube/Twitter actively, it doesn’t matter if the scripts are loaded locally.

This are the reasons why LocalCDN isn’t supported now and will not be in future:

  • Google Fonts
  • Yandex Metrika (watch.js)
  • Google Plus One (plusone.js)
  • Twitter widgets (widgets.js, client.js)
  • Facebook (en_US/all.js)
  • Disqus
  • embedded self-hosted scripts from Youtube, Twitter, ...

9. I have installed some other extensions. Can I install LocalCDN? Is it compatible?

Normally yes. At the moment I know only HTTPS Everywhere and NoScript.

In my opinion the extension is no longer necessary due to various browser and server functions, so I haven’t used it for a long time. Because I don’t deal with it anymore, I can’t answer any questions about it.

If you still want to use HTTPS Everywhere, you can find more information on this topic at Decentraleyes.

In short: LocalCDN always tries to establish secure connections when requests are to be allowed through.

  1. Open HTTPS Everywhere while visiting a website.
  2. Disable all rules within the “Stable Rules” section, except the rule next to “localcdn.org”.
  3. Finish

Important: This seems to affect all browsers except Firefox and Firefox based

HTTPS Everywhere

NoScript doesn’t support importing the CDNs. So you have two options:

  1. allow the connection manually
  2. export and import settings

The second way: You have to export, edit and re-import your NoScript configuration. In your exported file you will find a section “sites” and “trusted”. By default, domains/CDNs are already included there:

    ...
    
    "sites": {
      "trusted": [
        "§:addons.mozilla.org",
        "§:afx.ms",
        "§:ajax.aspnetcdn.com",
        "§:ajax.googleapis.com",
        "§:bootstrapcdn.com",
        "§:code.jquery.com",
        ...

You can attach the CDNs there. Duplicate entries are automatically removed during import.

NoScript

10. In the screenshots I see the Dark Mode. How can I activate that?

Normally this should happen automatically.

Normally Firefox detects this automatically and depends on the operating system and/or theme. Keyword: prefers-color-scheme (developer.mozilla.org)

If the automatic detection does not work (because you set privacy.resistFingerprinting to true), the operating system or the Firefox theme does not support it, you can also set it manually:

  • Open about:config
  • Search for “ui.systemUsesDarkTheme
  • If available, change the value to 1. If not, then create the entry (Type = Number) and set it to 1

That’s it. 😉

Enable Dark Mode

If not, you will find the solution here

11. Can I check if LocalCDN really works?

An external framework (e.g. jQuery) will not be listed as a network connection if LocalCDN can replace the framework. You will only find external connections there. LocalCDN redirects to a local file, however.

How can I check if LocalCDN really works?

You can see the redirection through the source code. On the web page just right click and select “View Page Source”. In the source code you will find e.g. this:

<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>

If you copy this link, paste it into the address line, you will be redirected to the local file. Please do not just click on the link, because this will redirect you to this:

view-source:https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js

If you open https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js, you will be forwarded to moz-extension://e129e293-bad9-44d2-ab61-9a5cacb106be/resources/jquery/2.2.4/jquery.min.jsm. The extension ID (e1..be) is random.

Example: https://www.localcdn.org/dl/how_can_i_check_if_localcdn_really_works.mp4

Yes you can

I don’t know the exact definitions for “Recommended” and how often this will be checked. Definitely not with every update. The badges are also no guarantee that an extension protect your privacy. Do you remember “Web of Trust”? These extension was also recommended by Mozilla for a while. So you can use the badges as a orientation, but it isn’t a guarantee.

I wrote Mozilla an e-mail about this a few weeks ago, but they still haven’t answered me. Maybe Mozilla is busy at the moment because of less employees, Fenix and the new badges (I already applied for it)

Mozilla has published here some tips about the missing badges. These badges are only available for Firefox. Chromium has no such labels at all.

If you have a question about a certain line of code or a certain section of code, just create a ticket and I will answer the question.


13. Can I use LocalCDN in Firefox for Android (Fenix)?

Yes, because I have already tested it. Unfortunately Mozilla hasn’t unlocked all extensions for it. I don’t know when this will finally happen. If you are using Firefox Nightly (Mobile), you can create your own collection and include a maximum of 25 extensions. Expanded extension support in Firefox for Android Nightly

You can also use my collection:

Collection owner: 15698979
Collection name: nobody

Content:

  • uBlock Origin
  • uMatrix (end-of-life)
  • Privacy Redirect
  • NoScript
  • Neat URL
  • Smart Refer
  • Skip Redirect
  • Temporary Containers
  • First Party Isolation
  • WebAPI Manager (end-of-life)
  • ClearURLs
  • Decentraleyes
  • LocalCDN
  • floccus

Are you missing an extension? Then open an issue and I’ll add this extension. Collections currently limited to 25, but Mozilla wants to expand it to 50.


14. I don’t know your name. How can I trust you?

The skepticism is good and should always be the case. There aren’t many developers who publish more than their name. A good example are Custom ROMs. Many times I see only a name and maybe a country, but nothing more. As a developer you also want to protect your privacy, because something once published on the internet cannot be removed. If you publish your name nobody will check it. So I can write what I want. If you just need a name to trust me, just call me Marc 😉

Privacy is important for me. Mine but also yours. I like it when you report missing frameworks, bugs or suggestions on Codeberg, because I delete emails automatically after 14 days. If you report something to me via email, I have to add it manually on Codeberg. Why do I do that? If a missing framework was reported by e-mail and I want to visit this website a second time, I don’t know which website it is after 14 days. Suggestions and bug reports should also be public. You do not have to write long text.

Instead of publishing my name, I do other things that might be important:

  • no external connections by LocalCDN
  • internal statistics of LocalCDN disabled by default (will not be transmitted anyway)
  • small commits to better understand code changes
  • all commits are signed with GPG
  • The translation platform is Weblate (Open Source) and translations without registration possible
  • Codeberg instead of GitHub, GitLab or other platforms that collect and analyze your data
  • The website (www.localcdn.org) doesn’t use cookies, tracking or analysis tools
  • Server logfiles are automatically deleted after 5 days
  • Emails are automatically deleted after 14 days
  • Contact by e-mail with PGP encryption possible

15. What do you think about Black-Lives-Matter?

People who know me know that I’m absolutely against racism. We are all human. Right now we are alone in this huge universe. Every human being deserves to be respected. No matter what skin color, nationality, gender, religion or anything else. Racism is stupid.

The branch name was changed from Master to Main some time ago. I know that the source code of LocalCDN contains discriminating terms like whitelist and blacklist. I will change these terms to “Allowlist” and “Blocklist”. Unfortunately this isn’t easy because I used the same terms for the extension storage. I could change this in the next version, but if a user skips exactly this update, it could cause problems. So yes, I will change that, but it takes some time. Issue that containing these changes: #138

No matter if before or after this change: I’m against racism.

Of course I also hate all other stupid things that harm or disadvantage another person (war, terror, violence, etc.)

My message to all racists and all who harm or disadvantage people: 🖕


16. Do you have an overview of all donations and expenses?

Yes, you can find this overview here.