Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CDN check failure should not throw up a warning #573

Closed
eloquence opened this issue Dec 17, 2018 · 0 comments
Closed

CDN check failure should not throw up a warning #573

eloquence opened this issue Dec 17, 2018 · 0 comments
Assignees
@chigby
Labels
landing page scanner

Comments

@eloquence
Copy link
Member

Per the original spec (#488), use of a CDN like Cloudflare should not cause a warning (moderate or severe), provided no assets are loaded from a third party domain. We still consider CDNs like Cloudflare problematic for SecureDrop landing pages (and the official recommendation in the docs is "consider avoiding"), but there are other security reasons news organizations may prefer to use them, and on balance, we're not making an effort to discourage their use (indeed, we use Cloudflare for SecureDrop.org).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chigby chigby

Labels
landing page scanner
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eloquence @chigby