Worth grepping your source code for "polyfill.io" and taking urgent measures to remove that code if you're linking it into your site - the domain name apparently now intermittently serves malicious JavaScript
My notes here: https://simonwillison.net/2024/Jun/25/polyfill-supply-chain-attack/ - or read this article https://sansec.io/research/polyfill-supply-chain-attack
@simon I have never understood deploying a web app that then has to drag in code from a 3rd party site.
@royalrex @aslakr @woltiv @draeh each site gets its own, separate cache - if you visit a.com and b.com and both of them load the same copy of jQuery from a CDN your browser will fetch that jQuery copy twice and store it in the cache twice, once for each of those sites
More info here: https://github.com/shivanigithub/http-cache-partitioning
@woltiv @simon @royalrex @aslakr @draeh Exactly!
Same applies not just for JavaScript but e.g. also to fonts (such as Google Fonts) vs just shipping the font files on your own.
No 3rd party requests, no 3rd party tracking my visitors, no 3rd party dependency that can bring down my app. It's wonderful.
Come over to the self-hosting dark site
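
The search suggested in the first post of this thread, written out as an added example that is not part of any participant's post. It also matches subdomains of polyfill.io, which goes slightly beyond a plain grep for the string; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find references to polyfill.io in a source tree.

# Host pattern: polyfill.io or any subdomain of it, case-insensitive.
# The character classes on either side stop look-alikes such as
# "mypolyfill.io" or "polyfill.iox" from matching.
POLYFILL_RE='(^|[^A-Za-z0-9-])([A-Za-z0-9-]+\.)*polyfill\.io([^A-Za-z0-9-]|$)'

# scan_polyfill DIR
# Prints file:line:text for every hit. Exit status 0 = references found,
# 1 = none found (grep's own convention), so the result can gate a CI job.
scan_polyfill() {
    grep -rIniE --exclude-dir=.git -e "$POLYFILL_RE" -- "${1:-.}"
}

# polyfill_files DIR
# Prints only the names of the affected files, one per line, sorted.
polyfill_files() {
    grep -rIliE --exclude-dir=.git -e "$POLYFILL_RE" -- "${1:-.}" | sort
}

# Constructed sample tree (hypothetical file names and contents).
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/templates" "$d/static"
    printf '%s\n' '<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>' \
        > "$d/templates/base.html"
    printf '%s\n' 'loadScript("//Polyfill.io/v3/polyfill.js");' > "$d/static/app.js"
    # Self-hosted copy: must not be reported.
    printf '%s\n' '<script src="/static/vendor/polyfill.min.js"></script>' \
        > "$d/templates/clean.html"
    # Look-alike host name: must not be reported.
    printf '%s\n' 'see https://mypolyfill.io.example/ for docs' > "$d/README.txt"
    echo "$d"
}

# Run "sh thisfile demo" to scan the constructed tree.
if [ "${1:-}" = "demo" ]; then
    tree=$(make_sample_tree)
    scan_polyfill "$tree"
    rm -rf "$tree"
fi
```

Point `scan_polyfill` at templates, built assets and vendored dependencies alike, since the reference may come from a dependency rather than your own code.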