According to @beaufortfrancois, we should no longer be using protocol-
relative URIs. He quotes this passage from Paul Irish:
> Now that SSL is encouraged for everyone and doesn’t have performance
> concerns, this technique is now an anti-pattern. If the asset you
> need is available on SSL, then always use the https:// asset.
> Allowing the snippet to request over HTTP opens the door for attacks
> like the recent Github Man-on-the-side attack. It’s always safe to
> request HTTPS assets even if your site is on HTTP, however the
> reverse is not true.
Source: https://www.paulirish.com/2010/the-protocol-relative-url/
This change was begun with the following command:
git grep -l "'//" | xargs sed -i "s@'//@'https://@g"
Some changes made by that command were false-positives, which I then
reverted manually. Others required additional cleanup to meet style
rules.
I've also just discovered that the "max-len" rule in eslint's Google
style config exempts URIs, so there's no need to disable the max-len
rule on URIs in the assets list. These have been removed in the asset
list where unnecessary.
Finally, testing these updated URIs led to the discovery that two of
our third-party demo assets are no longer available. One URI needed
to be updated. The other had no obvious replacement, so it was
removed.
Closes#1390
Change-Id: I2fe23faec04f1904c1741236b364d5089900092a
- Move the note about EME and HTTP to the top of the DRM config
tutorial
- Reference this note in both the server authentication and license
wrapping tutorials
Closes#928
Change-Id: Ibb47053c6ce5db1e1b120e0bb810c1f9f9069a82
By exporting StringUtils and Uint8ArrayUtils, we can simplify the
process of wrapping, unwrapping, and parsing requests and responses
in NetworkingEngine filters.
This makes it easier to write filters that deal with text-based
data, as it is no longer the job of the application developer to
deal with subtle conversions between string and ArrayBuffer.
We will also fill in requests with defaults if needed. This allows
developers to omit fields when initiating extra requests at the
application level.
Closes#667
Change-Id: Ie6a0f23b4d46e7e458d996759eac6cd85a36b741
태재영
Sandra Lokshina
Joey Parrish