[FEATURE] Use HTTPS urls on all jquery cdns 22/42422/7
authorCedric Ziel <cedric@cedric-ziel.com>
Sat, 8 Aug 2015 17:46:25 +0000 (19:46 +0200)
committerAnja Leichsenring <aleichsenring@ab-softlab.de>
Sun, 9 Aug 2015 09:38:51 +0000 (11:38 +0200)
This change also adds cloudflares cdnjs as possible choice.

Allowing the request over HTTP opens the door for side attacks.
It’s always safe to request HTTPS assets even if your site is on
HTTP, however the reverse is not true.

Most CDNs recommend using HTTPS to request the assets now, see
https://developers.google.com/speed/libraries/?csw=1

Releases: master
Resolves: #68871
Change-Id: I5af913d664b4e6e02238a8d5320a87349019eaa6
Reviewed-on: http://review.typo3.org/42422
Reviewed-by: Morton Jonuschat <m.jonuschat@mojocode.de>
Tested-by: Morton Jonuschat <m.jonuschat@mojocode.de>
Reviewed-by: Göran Bodenschatz <coding@46halbe.de>
Reviewed-by: Cedric Ziel <cedric@cedric-ziel.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Jan Helke <typo3@helke.de>
Tested-by: Jan Helke <typo3@helke.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
typo3/sysext/core/Classes/Page/PageRenderer.php

index 2de3020..f8609d9 100644 (file)
@@ -289,10 +289,10 @@ class PageRenderer implements \TYPO3\CMS\Core\SingletonInterface {
         *
         * The type "source" describes where the jQuery core should be included from
         * currently, TYPO3 supports "local" (make use of jQuery path), "google",
-        * "jquery" and "msn".
-        * Currently there are downsides to "local" and "jquery", as "local" only
-        * supports the latest/shipped jQuery core out of the box, and
-        * "jquery" does not have SSL support.
+        * "jquery", "msn" and "cloudflare".
+        *
+        * Currently there are downsides to "local" which supports only the latest/shipped
+        * jQuery core out of the box.
         *
         * @var array
         */
@@ -313,9 +313,10 @@ class PageRenderer implements \TYPO3\CMS\Core\SingletonInterface {
         * @var array
         */
        protected $jQueryCdnUrls = array(
-               'google' => '//ajax.googleapis.com/ajax/libs/jquery/%1$s/jquery%2$s.js',
-               'msn' => '//ajax.aspnetcdn.com/ajax/jQuery/jquery-%1$s%2$s.js',
-               'jquery' => 'http://code.jquery.com/jquery-%1$s%2$s.js'
+               'google' => 'https://ajax.googleapis.com/ajax/libs/jquery/%1$s/jquery%2$s.js',
+               'msn' => 'https://ajax.aspnetcdn.com/ajax/jQuery/jquery-%1$s%2$s.js',
+               'jquery' => 'https://code.jquery.com/jquery-%1$s%2$s.js',
+               'cloudflare' => 'https://cdnjs.cloudflare.com/ajax/libs/jquery/%1$s/jquery%2$s.js'
        );
 
        /**