Topic on Extension talk:Html5mediator

Extension loads JavaScript from third party server

2 comments • 20:29, 6 September 2017 6 years ago
2
Tonk (talkcontribs)

The extensions loads JavaScript from api.html5media.info/1.1.5/html5media.min.js - over an unsecured HTTP-connection. This is not mentioned on the extension page though it has severe security implications. Extensions should be self-contained; for a secure setup, no third party content must be loaded.

Reply 10:20, 8 May 2017 6 years ago
Jlemley (talkcontribs)

I followed the instructions here:

https://github.com/etianen/html5media/wiki/hosting-html5media

I copied the files to a "js" directory under the Html5mediator directory, and then added these lines after $wgHooks in the php file:

$wgResourceModules ['ext.Html5mediator.js'] = array (
     'localBasePath' => __DIR__ . '/js',
     'remoteExtPath' => 'Html5mediator/js',
     'scripts' => 'html5media.min.js'
);
Reply 20:29, 6 September 2017 6 years ago
Reply to "Extension loads JavaScript from third party server"
Retrieved from "https://www.mediawiki.org/wiki/Topic:Tq5eyb7k4cuz3htl"