Jump to content

Topic on Extension talk:Html5mediator/Flow

Extension loads JavaScript from third party server

2
Tonk (talkcontribs)

The extensions loads JavaScript from api.html5media.info/1.1.5/html5media.min.js - over an unsecured HTTP-connection. This is not mentioned on the extension page though it has severe security implications. Extensions should be self-contained; for a secure setup, no third party content must be loaded.

Jlemley (talkcontribs)

I followed the instructions here:

https://github.com/etianen/html5media/wiki/hosting-html5media

I copied the files to a "js" directory under the Html5mediator directory, and then added these lines after $wgHooks in the php file:

$wgResourceModules ['ext.Html5mediator.js'] = array (
     'localBasePath' => __DIR__ . '/js',
     'remoteExtPath' => 'Html5mediator/js',
     'scripts' => 'html5media.min.js'
);


Reply to "Extension loads JavaScript from third party server"