•  
      request #11160 API Explorer should not download stylesheet from an external source
    Infos
    #11160
    Thomas Gerbet (tgerbet)
    2018-02-16 19:30
    2018-02-16 14:21
    11433
    Details
    API Explorer should not download stylesheet from an external source
    Since request #10893 when accessing the API Explorer a stylesheet for FontAwesome is loaded from a CDN, Tuleap should avoid doing that.

    Not all the users browsing a Tuleap instance can access to outside their local network and we have no guarantee the downloaded stylesheet is always the same since subresource integrity [1] [2] is not used.

    [1] https://w3c.github.io/webappsec-subresource-integrity/
    [2] https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
    API (SOAP|REST)
    9.16
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2018-02-16
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2018-02-16 15:02
    A patch is under review: gerrit #10595.

    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    • Status changed from Under implementation to Under review