A client of ours has a Silverstripe website that they're hosting with a company that applies the Cloudflare CDN to their hosting plan.
We can't access the Cloudflare settings but want to alter one of the settings "Rocket Launcher" so it doesn't touch the Silverstripe CMS Javascript files (lib.js, leftandmain.js).
It is possible to make Rocket Launcher ignore a script:
<script data-cfasync="false" src="/javascript.js"></script>
However the CMS javascript is dynamically loaded by core Silverstripe code:
Requirements::combine_files('leftandmain.js', $leftAndMainIncludes);
Is it possible to add the data-cfasync="false" variable to the script tag by extending the core code?
I want the output to read:
<script type="text/javascript" data-cfasync="false" src="/assets/_combinedfiles/leftandmain.js?m=1486678668"></script>
Any help is appreciated.
Doesn't look to be an easy place in Requirements_Backend. Could do it using a RequestFilter. Use a regex or simple replace to modify the response body.
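The response-body rewrite suggested in this answer, sketched as an added example (not from the original thread and not Silverstripe code). It is written in JavaScript to show the pattern; inside a Silverstripe RequestFilter the same replace would be done in PHP on the response body. The function names and sample markup are assumptions.

```javascript
// Added example: function and constant names are hypothetical, not Silverstripe API.
// The two file names come from the question; the sample markup is constructed.
const CMS_SCRIPTS = ["lib.js", "leftandmain.js"];

const SAMPLE_BODY = [
  '<script type="text/javascript" src="/assets/_combinedfiles/lib.js?m=1486678668"></script>',
  '<script type="text/javascript" src="/assets/_combinedfiles/leftandmain.js?m=1486678668"></script>',
  '<script src="/themes/site/js/mylib.js"></script>',
].join("\n");

// Escape a literal string so it can be embedded in a RegExp.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Add data-cfasync="false" to each <script> tag whose src file name is in
// fileNames (a ?query suffix is allowed). Tags that already carry a
// data-cfasync attribute are left alone, so the rewrite is idempotent.
// Attribute order differs from the question's wished-for output; browsers
// and Cloudflare do not care about attribute order.
function addCfasyncOptOut(html, fileNames = CMS_SCRIPTS) {
  const names = fileNames.map(escapeRegExp).join("|");
  const srcRe = new RegExp(
    `\\ssrc\\s*=\\s*["'](?:[^"']*/)?(?:${names})(?:\\?[^"']*)?["']`, "i");
  return html.replace(/<script\b[^>]*>/gi, (tag) => {
    if (!srcRe.test(tag)) return tag;                 // not one of the CMS scripts
    if (/\sdata-cfasync\s*=/i.test(tag)) return tag;  // already opted out
    return tag.replace(/^<script\b/i, '<script data-cfasync="false"');
  });
}

console.log(addCfasyncOptOut(SAMPLE_BODY));
```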
We have our custom JS that are used by our clients on their websites. Is there any way to have the JS load asynchronously on my clients' websites (any configurations from our end) or it needs to be done only by our clients using a cache plugin?
JS Example - <script src="https://cdn.domain.com/5670e553459091885818c74beba82.js"></script>
It's currently render-blocking according to Google's PageSpeed Test and affecting page performance.
Thanks
Add async/defer attribute to the script.
<script async src="https://cdn.domain.com/5670e553459091885818c74beba82.js"></script>
Or
<script defer src="https://cdn.domain.com/5670e553459091885818c74beba82.js"></script>
When I load my website from Oman there is an extra script being loaded that does not exist in my source code. This script does not appear when I load from any other country. This script makes my website take more time to time out using Chrome, while it is loaded successfully from Edge.
I am hosting my website on IIS; it is a PHP, HTML and JS website only.
I am using IIS10, PHP5 and MySQL 5.7.
I am hosting my website in Oman, and this IP is owned by one of the ISPs in Oman.
Here is the script, which appears exactly before the end of the body tag:
<script type = 'text/javascript' id ='1qa2ws' charset='utf-8' src='http://212.72.31.34:8080/www/default/base.js'{$MarketingParam$}></script></body>
1- Is that really an injected script?
2- If I cannot remove it, how do I block it from being called?
Yes, it's an ISP injecting the script. You can stop it by moving your website from insecure HTTP to HTTPS.
I found one small solution:
you can either delete the tag where the ISP is looking for it to inject,
as they mentioned in other questions, browsers close the tags by themselves,
or add the following script instead of the tag:
<script type="text/javascript">
$(document).ready(function(){
$('body').append("</bo"+"dy>");
});
</script>
Adding the scripts worked for me.
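A way to confirm this kind of in-transit injection from the client side, as an added example that is not part of the original thread: list every external script in the HTML as received and flag the ones whose origin is neither the site's own nor on an allowlist. `auditScripts`, the allowlist and the surrounding sample page are assumptions; the injected tag is the one quoted in the question.

```javascript
// Added example: auditScripts and the allowlist are hypothetical names. The page
// around the injected tag is constructed; the tag itself is the one quoted above.
const SAMPLE_PAGE_URL = "http://www.example.test/index.php";
const SAMPLE_BODY = [
  "<html><body>",
  '<script src="/js/app.js"></script>',
  '<script src="https://cdn.example.test/lib.min.js"></script>',
  "<script>var inlineOnly = 1;</script>",
  "<script type = 'text/javascript' id ='1qa2ws' charset='utf-8' " +
    "src='http://212.72.31.34:8080/www/default/base.js'{$MarketingParam$}></script></body></html>",
].join("\n");

// Return the external scripts whose origin is not the page's own origin and
// not in allowedOrigins, plus whether the page itself was fetched in cleartext
// (the precondition for a network operator being able to rewrite it).
function auditScripts(html, pageUrl, allowedOrigins = []) {
  const page = new URL(pageUrl);
  const allowed = new Set([page.origin, ...allowedOrigins]);
  const foreign = [];
  for (const [, attrs] of html.matchAll(/<script\b([^>]*)>/gi)) {
    // src may be double-quoted, single-quoted or unquoted.
    const m = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (!m) continue; // inline script, nothing is fetched
    const raw = m[1] ?? m[2] ?? m[3];
    let url;
    try {
      url = new URL(raw, page); // resolves relative and protocol-relative URLs
    } catch {
      foreign.push({ src: raw, origin: null }); // unparseable: report as-is
      continue;
    }
    if (!allowed.has(url.origin)) foreign.push({ src: url.href, origin: url.origin });
  }
  return { cleartextPage: page.protocol === "http:", foreign };
}

console.log(auditScripts(SAMPLE_BODY, SAMPLE_PAGE_URL, ["https://cdn.example.test"]));
```

Running the same audit against the HTML fetched from a network where the script does not appear gives the baseline to compare with.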
How to hide the src URL of a loaded iframe, is it possible?
Maybe there is a secret?
Is it possible to upload HTML to the cache in an iframe and afterwards hide the URL?
Another good feature is to hide the location paths of your important scripts. I found a great npm plugin for this https://www.npmjs.com/package/location-hide
This works also for php href, src, content it will use everything inside src=""
It turns
<script src="test/folder/sample.js" type="text/javascript"></script>
<link href="test/stylesheet/perfect-scrollbar.css" rel="stylesheet">
into
<script src="TNANIuTOLZfmLYwaPDIYhcZDVOWKodqYhysaTeQHFPDhYlDLCOtxZqYmkKAhaSwSgbsYOWlpBzVSBtMZKSfwRqvPSqWVlBBuzHR" type="text/javascript"></script>
<link href="gyXeFnOEvZbgTjLvdZRnsyrfhaXqffkDjcdATTouqpIenCalLRXKamuXEtiKbPGCsNrdQIaqTMTNWsLyLFuxygKytaruWzSjKYMq" rel="stylesheet">
And it generates new jQuery include code like this, to include your scripts with JavaScript in an external file:
$('[src=\'TNANIuTOLZfmLYwaPDIYhcZDVOWKodqYhysaTeQHFPDhYlDLCOtxZqYmkKAhaSwSgbsYOWlpBzVSBtMZKSfwRqvPSqWVlBBuzHR\']').attr("src", "test/folder/sample.js")
$('[href=\'gyXeFnOEvZbgTjLvdZRnsyrfhaXqffkDjcdATTouqpIenCalLRXKamuXEtiKbPGCsNrdQIaqTMTNWsLyLFuxygKytaruWzSjKYMq\']').attr("src", "test/stylesheet/perfect-scrollbar.css")
Also I would suggest that you include all of your external JavaScript code in one single JS file. Place this file in the root of your index file, so that you can write this:
<script src="./allinone_external_file.js" type="text/javascript"></script>
Then make the right htaccess so that nobody can access this file. You can also make a fake import script for the source code that everybody can see, but this file is only a redirect to the real external JS file. You can do this multiple times, for example, and use other obfuscation tools. This will protect you from people searching for exploits in your JavaScript code. I know it's no big deal and maybe you can see the jQuery include code if you know how. But anyway it's a great protection.
What you are describing isn't possible, but you can encrypt the URL so it looks like the example below:
src="/my-page.php?a=x3d!evIc2HwXyny3JmcgLSvNwdy"
You can do ...:
.html file
<script src="jquery" type="text/javascript"></script>
.htaccess
RewriteEngine on
RewriteRule ^jquery?$ file_url/test.js?v=1.1.3 [NC,L]
I'm using the out-of-the-box JQuery UI tabs- they work fine on an unsecured page but not on the secure https:// page.
I'm calling my scripts like this:
<script src="//code.jquery.com/ui/1.8.22/jquery-ui.min.js" type="text/javascript"></script>
<script src="//jquery-ui.googlecode.com/svn/tags/latest/external/jquery.bgiframe-2.1.2.js" type="text/javascript"></script>
<script src="//jquery-ui.googlecode.com/svn/tags/latest/ui/minified/i18n/jquery-ui-i18n.min.js" type="text/javascript"></script>
Examples here:
http://ntcla.com/fb-static.php and
https://ntcla.com/fb-static.php
(see map at the bottom of the page)
Any help is appreciated!
It looks like there is an SSL cert error on the code.jquery.com link. You could just download it and host it on your own site/CDN.
An SSL certificate error will be thrown when you try using any JS in the following manner
Download the above files, copy them to your server and access them using relative paths in your script.
Right now I have the following links in my code:
<script src="@Url.Content("~/Scripts/jquery-1.4.4.min.js")" type="text/javascript"></script>
etc ...
I'd like to make use of the google.com cached copies. I heard Google is the best source, but please correct me if I am wrong.
Anyway, is it possible for me to code my application so it uses code from Google if available and locally if not? FYI I am using Microsoft MVC3 and the Msoft cloud servers.
Thanks
Sure, check out how they do it in HTML5 boilerplate.
If you take a look at the bottom of the index.html file within the GitHub repo, you'll see the following...
<!-- Grab Google CDN's jQuery, with a protocol relative URL; fall back to local if offline -->
<script src="//ajax.googleapis.com/ajax/libs/jquery/X.X.X/jquery.min.js"></script>
<script>window.jQuery || document.write('<script src="local/jquery-X.X.X.min.js">\x3C/script>')</script>
NB: In the code snippet above X.X.X should be replaced with the jQuery version number that you're using (e.g. 1.8.2).
How does it work?
First, an attempt is made to grab the CDN version (Google's CDN url is used above, but of course you could link to any source you like).
Immediately afterwards, we check for the jQuery global object.
If jQuery does not exist, the obvious assumption is that we didn't manage to get the code from the CDN, so then we document.write a script tag to get a copy from a local source instead.
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script>window.jQuery || document.write('<script src="@Url.Content("~/Scripts/jquery-1.4.4.min.js")">\x3C/script>')</script>
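The same CDN-then-local pattern with Subresource Integrity added, as an example that is not part of the original answer: the browser refuses to run a CDN file whose hash does not match, `window.jQuery` stays undefined, and the existing fallback then loads the local copy. The helper names, the stand-in file content and the assumption that the CDN serves the file with CORS headers are mine; the URLs are the ones from the thread.

```javascript
// Added example: helper names are hypothetical; run with Node.js at build time.
const { createHash } = require("node:crypto");

// Subresource Integrity value for the exact bytes of a script.
function sriHash(content, algo = "sha384") {
  return `${algo}-${createHash(algo).update(content).digest("base64")}`;
}

// Emit the CDN tag (pinned to the hash of a copy you have vetted) followed by
// the local fallback. crossorigin="anonymous" is required for the browser to
// verify a cross-origin file. Inputs are validated because they are placed
// into HTML attributes and into a JavaScript string.
function cdnWithFallback({ cdnUrl, localUrl, globalName, vettedCopy }) {
  if (!/^[A-Za-z_$][\w$]*$/.test(globalName)) {
    throw new Error("globalName must be a plain identifier");
  }
  for (const u of [cdnUrl, localUrl]) {
    if (!/^[\w.:\/~-]+$/.test(u)) throw new Error(`unsafe characters in URL: ${u}`);
  }
  const integrity = sriHash(vettedCopy);
  return [
    `<script src="${cdnUrl}" integrity="${integrity}" crossorigin="anonymous"></script>`,
    `<script>window.${globalName} || document.write('<script src="${localUrl}">\\x3C/script>')</script>`,
  ].join("\n");
}

// Constructed stand-in for the bytes of the local jquery-1.4.4.min.js file.
const VETTED_COPY = "/* constructed stand-in for jquery.min.js */";

const SAMPLE_TAGS = cdnWithFallback({
  cdnUrl: "//ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js",
  localUrl: "/Scripts/jquery-1.4.4.min.js",
  globalName: "jQuery",
  vettedCopy: VETTED_COPY,
});

console.log(SAMPLE_TAGS);
```

The integrity attribute is only as trustworthy as the page that carries it, so the page itself should be served over HTTPS.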