From 41dc366de1c480df64ea49375405b942e89e1aad Mon Sep 17 00:00:00 2001 From: Cedric Ziel Date: Sat, 8 Aug 2015 19:46:25 +0200 Subject: [PATCH 1/1] [FEATURE] Use HTTPS urls on all jquery cdns MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit This change also adds cloudflares cdnjs as possible choice. Allowing the request over HTTP opens the door for side attacks. It’s always safe to request HTTPS assets even if your site is on HTTP, however the reverse is not true. Most CDNs recommend using HTTPS to request the assets now, see https://developers.google.com/speed/libraries/?csw=1 Releases: master Resolves: #68871 Change-Id: I5af913d664b4e6e02238a8d5320a87349019eaa6 Reviewed-on: http://review.typo3.org/42422 Reviewed-by: Morton Jonuschat Tested-by: Morton Jonuschat Reviewed-by: Göran Bodenschatz Reviewed-by: Cedric Ziel Reviewed-by: Wouter Wolters Reviewed-by: Jan Helke Tested-by: Jan Helke Reviewed-by: Anja Leichsenring Tested-by: Anja Leichsenring --- typo3/sysext/core/Classes/Page/PageRenderer.php | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/typo3/sysext/core/Classes/Page/PageRenderer.php b/typo3/sysext/core/Classes/Page/PageRenderer.php index 2de30209928a..f8609d93eda3 100644 --- a/typo3/sysext/core/Classes/Page/PageRenderer.php +++ b/typo3/sysext/core/Classes/Page/PageRenderer.php @@ -289,10 +289,10 @@ class PageRenderer implements \TYPO3\CMS\Core\SingletonInterface { * * The type "source" describes where the jQuery core should be included from * currently, TYPO3 supports "local" (make use of jQuery path), "google", - * "jquery" and "msn". - * Currently there are downsides to "local" and "jquery", as "local" only - * supports the latest/shipped jQuery core out of the box, and - * "jquery" does not have SSL support. + * "jquery", "msn" and "cloudflare". + * + * Currently there are downsides to "local" which supports only the latest/shipped + * jQuery core out of the box. * * @var array */ @@ -313,9 +313,10 @@ class PageRenderer implements \TYPO3\CMS\Core\SingletonInterface { * @var array */ protected $jQueryCdnUrls = array( - 'google' => '//ajax.googleapis.com/ajax/libs/jquery/%1$s/jquery%2$s.js', - 'msn' => '//ajax.aspnetcdn.com/ajax/jQuery/jquery-%1$s%2$s.js', - 'jquery' => 'http://code.jquery.com/jquery-%1$s%2$s.js' + 'google' => 'https://ajax.googleapis.com/ajax/libs/jquery/%1$s/jquery%2$s.js', + 'msn' => 'https://ajax.aspnetcdn.com/ajax/jQuery/jquery-%1$s%2$s.js', + 'jquery' => 'https://code.jquery.com/jquery-%1$s%2$s.js', + 'cloudflare' => 'https://cdnjs.cloudflare.com/ajax/libs/jquery/%1$s/jquery%2$s.js' ); /** -- 2.20.1