Just a heads up, we're enabling CSP in report only mode on wikis. This means if you are loading external resources in your user scripts, you might get an error in your javascript console. Don't panic, so far we are only enabling report only, and will of course give people notice before actually enabling it enforcing. At this stage we are just gathering information on what the impact of CSP would be on the wikis and what sort of external javascript is used in practise.
That said, if you are loading externally hosted javascript from your user JS page, we strongly suggest you do not do this for security reasons.
-- Brian
Just a further clarifying note: CSP stands for Content Security Policy.
I want to emphasize that most users should not need to worry about this. If you are a more advanced user and are wondering why your browser's developer console suddenly has new errors, this is why.
-- Brian
On Friday, October 26, 2018, Brian Wolff bwolff@wikimedia.org wrote:
Just a heads up, we're enabling CSP in report only mode on wikis. This
means if you are loading external resources in your user scripts, you might get an error in your javascript console. Don't panic, so far we are only enabling report only, and will of course give people notice before actually enabling it enforcing. At this stage we are just gathering information on what the impact of CSP would be on the wikis and what sort of external javascript is used in practise.
That said, if you are loading externally hosted javascript from your user
JS page, we strongly suggest you do not do this for security reasons.
-- Brian
Thanks for the clarifying note. That saved me a web search and probably a wholesome of tabs that I would have opened as a consequence ;-)
On 27 October 2018 02:18:20 GMT+05:30, Brian Wolff bwolff@wikimedia.org wrote:
Just a further clarifying note: CSP stands for Content Security Policy.
I want to emphasize that most users should not need to worry about this. If you are a more advanced user and are wondering why your browser's developer console suddenly has new errors, this is why.
-- Brian
On Friday, October 26, 2018, Brian Wolff bwolff@wikimedia.org wrote:
Just a heads up, we're enabling CSP in report only mode on wikis.
This means if you are loading external resources in your user scripts, you might get an error in your javascript console. Don't panic, so far we are only enabling report only, and will of course give people notice before actually enabling it enforcing. At this stage we are just gathering information on what the impact of CSP would be on the wikis and what sort of external javascript is used in practise.
That said, if you are loading externally hosted javascript from your
user JS page, we strongly suggest you do not do this for security reasons.
-- Brian
This means if you are loading external resources in your user scripts, you might get an error in your javascript console.
What does "external" mean in this context? Does loading scripts from e.g. Meta count as external for our chapter wiki (se.wikimedia.org)?
Best,
*Sebastian Berlin* Utvecklare/*Developer* Wikimedia Sverige (WMSE)
E-post/*E-Mail*: sebastian.berlin@wikimedia.se Telefon/*Phone*: (+46) 0707 - 92 03 84
On Sat, 27 Oct 2018 at 20:28, Kaartic Sivaraam < kaarticsivaraam91196@gmail.com> wrote:
Thanks for the clarifying note. That saved me a web search and probably a wholesome of tabs that I would have opened as a consequence ;-)
On 27 October 2018 02:18:20 GMT+05:30, Brian Wolff bwolff@wikimedia.org wrote:
Just a further clarifying note: CSP stands for Content Security Policy.
I want to emphasize that most users should not need to worry about this. If you are a more advanced user and are wondering why your browser's developer console suddenly has new errors, this is why.
-- Brian
On Friday, October 26, 2018, Brian Wolff bwolff@wikimedia.org wrote:
Just a heads up, we're enabling CSP in report only mode on wikis.
This means if you are loading external resources in your user scripts, you might get an error in your javascript console. Don't panic, so far we are only enabling report only, and will of course give people notice before actually enabling it enforcing. At this stage we are just gathering information on what the impact of CSP would be on the wikis and what sort of external javascript is used in practise.
That said, if you are loading externally hosted javascript from your
user JS page, we strongly suggest you do not do this for security reasons.
-- Brian
-- Sivaraam
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Wikitech-ambassadors mailing list Wikitech-ambassadors@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-ambassadors
No, meta is considered internal.
-- brian
On Tuesday, October 30, 2018, Sebastian Berlin < sebastian.berlin@wikimedia.se> wrote:
This means if you are loading external resources in your user scripts,
you might get an error in your javascript console.
What does "external" mean in this context? Does loading scripts from e.g.
Meta count as external for our chapter wiki (se.wikimedia.org)?
Best,
Sebastian Berlin Utvecklare/Developer Wikimedia Sverige (WMSE)
E-post/E-Mail: sebastian.berlin@wikimedia.se Telefon/Phone: (+46) 0707 - 92 03 84
On Sat, 27 Oct 2018 at 20:28, Kaartic Sivaraam <
kaarticsivaraam91196@gmail.com> wrote:
Thanks for the clarifying note. That saved me a web search and probably
a wholesome of tabs that I would have opened as a consequence ;-)
On 27 October 2018 02:18:20 GMT+05:30, Brian Wolff bwolff@wikimedia.org
wrote:
Just a further clarifying note: CSP stands for Content Security Policy.
I want to emphasize that most users should not need to worry about this. If you are a more advanced user and are wondering why your browser's developer console suddenly has new errors, this is why.
-- Brian
On Friday, October 26, 2018, Brian Wolff bwolff@wikimedia.org wrote:
Just a heads up, we're enabling CSP in report only mode on wikis.
This means if you are loading external resources in your user scripts, you might get an error in your javascript console. Don't panic, so far we are only enabling report only, and will of course give people notice before actually enabling it enforcing. At this stage we are just gathering information on what the impact of CSP would be on the wikis and what sort of external javascript is used in practise.
That said, if you are loading externally hosted javascript from your
user JS page, we strongly suggest you do not do this for security reasons.
-- Brian
-- Sivaraam
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Wikitech-ambassadors mailing list Wikitech-ambassadors@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-ambassadors
wikitech-ambassadors@lists.wikimedia.org