DO Ideas 2

Host locally your external client resources (js, images, fonts and css) in your admin panel

As Heavy NoScript user (and complete paranoid person), you should host all your external client resources (javascript, images, fonts and stylesheets) in your admin panel or at least give us a setting to turn on this feature (like reddit does).
IMHO since this is something really sensitive you shouldn't build your web panel this way, it just increases the risk for client-side attacks if one of those sites gets compromised.

Currently you require us to trust the next sites while working in the panel (noscript image http://i.imgur.com/Brfp89J.png):

typekit.net
gtstatic.com
maps.googleapis.com
cloudfront.net
cloud-cdn-digital-ocean-com.global.ssl.fastly.net
siftscience.com
egment.com
customer.io
segment.io
keen.io

I don't think more than two of this sites are a hard requirement for your panel (like maps.google*, whats up with that?).

  • Jorge Ivan Burgos Aguilar
  • Sep 11 2018
  • Attach files