Use raw.githubusercontent.com instead of raw.github.com for binaries #99
Conversation
According to [Github](https://developer.github.com/changes/2014-04-25-user-content-security/) to avoid XSS all user-generated content must be accesed from alternative domain: `raw.githubusercontent.com`.
|
can we please merge this. all of our builds are failing until this is pushed. |
|
We are also stuck for now. please merge this request |
|
Please merge 👍 |
|
👍 |
|
🆒 |
|
please merge this |
|
Please merge. |
|
:merge_it: |
No 😑 |
|
someone for the love of god merge this and unblock me |
|
🙏 merge. |
|
Can I get a MERGE ma bro |
|
🆘 |
|
If you don't have any new information to add please 👍 an existing message instead of adding duplicates or spamming gifs. The fewer messages the maintainers have to read through the faster they'll get a fix released 😉 |
|
|
| @@ -3,7 +3,7 @@ const path = require('path'); | |||
| const BinWrapper = require('bin-wrapper'); | |||
| const pkg = require('../package.json'); | |||
|
|
|||
| const url = `https://raw.github.com/imagemin/pngquant-bin/v${pkg.version}/vendor/`; | |||
| const url = `https://raw.githubusercontent.com/imagemin/pngquant-bin/v${pkg.version}/vendor/`; | |||
There was a problem hiding this comment.
should this be in a encodeURI() call?
There was a problem hiding this comment.
@shaun-sweet encodeURI() has no sense here, it does not encode specials characters like :, . or / that can be found in this URL, please do not confuse with encodeURIComponent(). Please the the corresponding article on MDN.
|
Published v5.0.2. |
|
In my case, it failed in githubusercontent, but it successed in github. |
According to Github to avoid XSS all user-generated content must be accesed from alternative domain:
raw.githubusercontent.com.Current:
Updated:
UPD: as @cadejscroggins indicated below
raw.github.comseems to be working now, but would be nice to be sure that issue will not appear again some day.