Feature #72169
closed
Fluid: Included jquery libs should be included using https:// connection.
100%
Description
The extension "fluid" includes jquery libraries form google cdn. This include should be done with https:// instead of http:// protocoll.
root/typo3/sysext/fluid/Configuration/TypoScript/setup.txt:
# includes jQuery library and default styles for Fluid Autocomplete Widget
page.headerData.998 = TEXT
page.headerData.998.value (
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>
<link rel="stylesheet" href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/base/jquery-ui.css" type="text/css" media="all" />
<link rel="stylesheet" href="http://static.jquery.com/ui/css/demo-docs-theme/ui.theme.css" type="text/css" media="all" />
)
This should be changed to:
# includes jQuery library and default styles for Fluid Autocomplete Widget
page.headerData.998 = TEXT
page.headerData.998.value (
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>
<link rel="stylesheet" href="http://ajaxs.googleapis.com/ajax/libs/jqueryui/1.8/themes/base/jquery-ui.css" type="text/css" media="all" />
<link rel="stylesheet" href="https://static.jquery.com/ui/css/demo-docs-theme/ui.theme.css" type="text/css" media="all" />
)
There should be also an option to prevent the extension to generate the headerData if jquery is already included (by t3jquery for example)
Updated by
Updated by Sascha Egerer over 8 years ago
That TypoScript should be dropped completely as it doesn's make really sense...
And the best way would be to use "//ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js" so the browser does automaticallly use the protocol of the current request.
Updated by Mathias Brodala over 8 years ago
Sascha Egerer wrote:
And the best way would be to use "//ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js" so the browser does automaticallly use the protocol of the current request.
No, the best way is to always use HTTPS. Period. :-)
Updated by Ingo Reuter over 8 years ago
Sorry. There is a typo in my ticket:
Ingo Reuter wrote:
This should be changed to:
[...]<link rel="stylesheet" href="http://ajaxs.googleapis.com/ajax/libs/jqueryui/1.8/themes/base/jquery-ui.css" type="text/css" media="all" />
[...]
Of course this request should use https:// as well. The correct way would be:<link rel="stylesheet" href="https://ajaxs.googleapis.com/ajax/libs/jqueryui/1.8/themes/base/jquery-ui.css" type="text/css" media="all" />
Updated by Gerrit Code Review over 8 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/45221
Updated by Gerrit Code Review over 8 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/45221
Updated by Gianluigi Martino over 8 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 10e916647c4ea26e377dcb9b31a4370f3ac7cd16.
Updated by