Sagacious Himself — brevity in circumlocution: never blague — suffering genius

July 23, 2013

wp cross domain content privacy breach

Filed under: AYBABTG — Sagacious Himself @ 4:43 pm

requiring google maps JS to enable editing fields on newly created post?  That’s a tad abusive.  Whatever JS you need to enable post creation/editing should ONLY reside within WP owned domains.

These ‘free’ services merely better enable cross-domain tracking of users.

suggested:

for third party hosted bits like fonts.google, google api, yahoo api  CACHE THEM LOCALLY.  Update your cache when remotes bit changes.

fonts.google.cache.wp.com
*.googleapis.cache.wp.com
*.yahooapis.cache.wp.com

That is IFF you value user security?

[snip]

Advertisements

Blog at WordPress.com.