Right now the utterances API is hosted on Azure and client.js is hosted on utteranc.es. So far, this project has been rock solid. Should the utteranc.es domain expire and a bad actor grab hold of it, then many blogs will be subject to a painful attack, where client.js can be replaced with anything.
So I want to make sure: does this project require help or funding to secure utteranc.es's future? Or is it fine for the next decade?
Ideally, there should be a way to host client.js oneself and still allow the interconnect to the utteranc.es API. Practically, this is not possible, due to how CSRF and authentication interact. So if there is a way to allow the static client.js to be hosted by oneself, without self-hosting the API, then I think this project should pursue it.
We can host it on https://www.jsdelivr.com/, which is an industry standard for hosting scripts. It is also a free CDN.
You are correct.
I was under the impression that one cannot self-host client.js without self-hosting the full utterances backend as hosted on Azure. But that's not quite true; I misread how
Anything beyond that is off-limits. Also, there is no way to change the font color etc. beyond the themes in the repo without self-hosting the backend, due to cross-domain security rules.
In the grand scheme of things this doesn't matter in a domain-expiration case, though, as you still allow the holder of utteranc.es to put anything on your website via the iframe. 🤔
So the main question remains: Is the domain safe for the next decade? Is any monetary help needed to safeguard the domain plus the cost of running the Azure backend, or should users migrate to giscus if we talk about preserving comments for the 10 years?