Had to enable 3 different external JS sources to get the page to work. I don't mind sites using CDNs but please try and reduce the surface for external threats!
are people doing this? What's the attack surface of a private hosted JS library vs. a well known TLS/SSL secured CDN for JS libraries? Threats are not restricted to CDNs.
That would depend on what CDN you use and how it works. If the CDN is just a caching CDN in front of your own site then the CDN typically won't be any more secure than your own site.
In case it's of any help to you, I use https://github.com/Synzvato/decentraleyes which had 2 of these 3 CDNs cached. And the 3rd (unpkg - an npmjs.com mirror) seemed not to be a hard requirement as far as I could tell.
On Android, pulling sliders from left to right bring out some type of index/menu drawer that obscures 90% of the screen, and I have to hit a narrow strip to dismiss it; if I miss that strip, I navigate away from the page.
It is quite difficult to do that on iOS since the "hit box" of the slider is rather small. You need to exactly hit the little point or it won't register (if you are used to iOS's native sliders, they are quite unsual).
18 comments
[ 2.7 ms ] story [ 51.3 ms ] threadCDN's fail. You already have a connection to the 'stuff.com' self-hosted js. If your site is up but the cdn breaks you have another problem.
Also the perf win for using a shared cdn version of for instance jquery is totally overstated. See discussions here too: https://news.ycombinator.com/item?id=11549131