Re: Review Request 23329: remove embedded jquery
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23329/#review58218 --- This patch does not apply cleanly on master (53f4e73), do you need to rebase? - Aurora ReviewBot On July 9, 2014, 9:50 p.m., David Robinson wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23329/ --- (Updated July 9, 2014, 9:50 p.m.) Review request for Aurora, David McLaughlin and Brian Wickman. Bugs: AURORA-578 https://issues.apache.org/jira/browse/AURORA-578 Repository: aurora Description --- remove embedded jquery Diffs - src/main/python/apache/thermos/observer/http/templates/filebrowse.tpl 511d7c06206ae5fd8a4206683f09348e1276b8c4 src/main/python/apache/thermos/observer/http/templates/index.tpl 3ccb6e841c932cb8bcb43b765e0b5aa8bc567f88 src/main/python/apache/thermos/observer/http/templates/logbrowse.tpl b182a4b331fbe8b9dd437194d195d220184a2f7c Diff: https://reviews.apache.org/r/23329/diff/ Testing --- Thanks, David Robinson
Re: Review Request 23329: remove embedded jquery
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23329/#review49153 --- ./src/main/python/apache/thermos/observer/http/assets/jquery* should be removed in favor of using 3rdparty bower components (these are the last deps in the src tree that are not in 3rdparty currently) - Jake Farrell On July 9, 2014, 9:50 p.m., David Robinson wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23329/ --- (Updated July 9, 2014, 9:50 p.m.) Review request for Aurora, David McLaughlin and Brian Wickman. Bugs: AURORA-578 https://issues.apache.org/jira/browse/AURORA-578 Repository: aurora Description --- remove embedded jquery Diffs - src/main/python/apache/thermos/observer/http/templates/filebrowse.tpl 511d7c06206ae5fd8a4206683f09348e1276b8c4 src/main/python/apache/thermos/observer/http/templates/index.tpl 3ccb6e841c932cb8bcb43b765e0b5aa8bc567f88 src/main/python/apache/thermos/observer/http/templates/logbrowse.tpl b182a4b331fbe8b9dd437194d195d220184a2f7c Diff: https://reviews.apache.org/r/23329/diff/ Testing --- Thanks, David Robinson
Re: Review Request 23329: remove embedded jquery
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23329/#review49045 --- Reviewers - ping? - Bill Farner On July 9, 2014, 9:50 p.m., David Robinson wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23329/ --- (Updated July 9, 2014, 9:50 p.m.) Review request for Aurora, David McLaughlin and Brian Wickman. Bugs: AURORA-578 https://issues.apache.org/jira/browse/AURORA-578 Repository: aurora Description --- remove embedded jquery Diffs - src/main/python/apache/thermos/observer/http/templates/filebrowse.tpl 511d7c06206ae5fd8a4206683f09348e1276b8c4 src/main/python/apache/thermos/observer/http/templates/index.tpl 3ccb6e841c932cb8bcb43b765e0b5aa8bc567f88 src/main/python/apache/thermos/observer/http/templates/logbrowse.tpl b182a4b331fbe8b9dd437194d195d220184a2f7c Diff: https://reviews.apache.org/r/23329/diff/ Testing --- Thanks, David Robinson
Re: Review Request 23329: remove embedded jquery
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23329/#review49084 --- Not sure I understand the motivation here. It's generally best to host your own static assets. - David McLaughlin On July 9, 2014, 9:50 p.m., David Robinson wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23329/ --- (Updated July 9, 2014, 9:50 p.m.) Review request for Aurora, David McLaughlin and Brian Wickman. Bugs: AURORA-578 https://issues.apache.org/jira/browse/AURORA-578 Repository: aurora Description --- remove embedded jquery Diffs - src/main/python/apache/thermos/observer/http/templates/filebrowse.tpl 511d7c06206ae5fd8a4206683f09348e1276b8c4 src/main/python/apache/thermos/observer/http/templates/index.tpl 3ccb6e841c932cb8bcb43b765e0b5aa8bc567f88 src/main/python/apache/thermos/observer/http/templates/logbrowse.tpl b182a4b331fbe8b9dd437194d195d220184a2f7c Diff: https://reviews.apache.org/r/23329/diff/ Testing --- Thanks, David Robinson
Re: Review Request 23329: remove embedded jquery
On July 8, 2014, 1:18 a.m., Kevin Sweeney wrote: src/main/python/apache/thermos/observer/http/templates/filebrowse.tpl, line 62 https://reviews.apache.org/r/23329/diff/1/?file=625207#file625207line62 -1, this is pretty much unacceptable from a security standpoint - data visible to the observer origin includes sensitive application logs -1 from a reliability standpoint as well - the observer is used to debug low-level infrastructure and a dependency on an external CDN doesn't work for that. Thermos serves its static content (including the bundled jquery) and logs over http, in clear text... that's a bigger security risk, no? I understand why you wouldn't trust any old CDN, but why can't we trust Google's? We could instead use the local copy as a fallback: script src=//ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js/script scriptwindow.jQuery || document.write('script src=/assets/jquery.js\x3C/script')/script - David --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23329/#review47428 --- On July 8, 2014, 1:08 a.m., David Robinson wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23329/ --- (Updated July 8, 2014, 1:08 a.m.) Review request for Aurora, David McLaughlin and Brian Wickman. Bugs: AURORA-578 https://issues.apache.org/jira/browse/AURORA-578 Repository: aurora Description --- remove embedded jquery Diffs - src/main/python/apache/thermos/observer/http/assets/jquery.js 3774ff986139c8a7534e14bc8987fe80418dcc1b src/main/python/apache/thermos/observer/http/templates/filebrowse.tpl 511d7c06206ae5fd8a4206683f09348e1276b8c4 src/main/python/apache/thermos/observer/http/templates/index.tpl 3ccb6e841c932cb8bcb43b765e0b5aa8bc567f88 src/main/python/apache/thermos/observer/http/templates/logbrowse.tpl b182a4b331fbe8b9dd437194d195d220184a2f7c Diff: https://reviews.apache.org/r/23329/diff/ Testing --- Thanks, David Robinson
Re: Review Request 23329: remove embedded jquery
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23329/ --- (Updated July 9, 2014, 9:50 p.m.) Review request for Aurora, David McLaughlin and Brian Wickman. Changes --- Fall back to local jquery. Bugs: AURORA-578 https://issues.apache.org/jira/browse/AURORA-578 Repository: aurora Description --- remove embedded jquery Diffs (updated) - src/main/python/apache/thermos/observer/http/templates/filebrowse.tpl 511d7c06206ae5fd8a4206683f09348e1276b8c4 src/main/python/apache/thermos/observer/http/templates/index.tpl 3ccb6e841c932cb8bcb43b765e0b5aa8bc567f88 src/main/python/apache/thermos/observer/http/templates/logbrowse.tpl b182a4b331fbe8b9dd437194d195d220184a2f7c Diff: https://reviews.apache.org/r/23329/diff/ Testing --- Thanks, David Robinson
Review Request 23329: remove embedded jquery
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23329/ --- Review request for Aurora, David McLaughlin and Brian Wickman. Bugs: AURORA-578 https://issues.apache.org/jira/browse/AURORA-578 Repository: aurora Description --- remove embedded jquery Diffs - src/main/python/apache/thermos/observer/http/assets/jquery.js 3774ff986139c8a7534e14bc8987fe80418dcc1b src/main/python/apache/thermos/observer/http/templates/filebrowse.tpl 511d7c06206ae5fd8a4206683f09348e1276b8c4 src/main/python/apache/thermos/observer/http/templates/index.tpl 3ccb6e841c932cb8bcb43b765e0b5aa8bc567f88 src/main/python/apache/thermos/observer/http/templates/logbrowse.tpl b182a4b331fbe8b9dd437194d195d220184a2f7c Diff: https://reviews.apache.org/r/23329/diff/ Testing --- Thanks, David Robinson
Re: Review Request 23329: remove embedded jquery
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23329/#review47428 --- src/main/python/apache/thermos/observer/http/templates/filebrowse.tpl https://reviews.apache.org/r/23329/#comment83209 -1, this is pretty much unacceptable from a security standpoint - data visible to the observer origin includes sensitive application logs -1 from a reliability standpoint as well - the observer is used to debug low-level infrastructure and a dependency on an external CDN doesn't work for that. - Kevin Sweeney On July 7, 2014, 6:08 p.m., David Robinson wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/23329/ --- (Updated July 7, 2014, 6:08 p.m.) Review request for Aurora, David McLaughlin and Brian Wickman. Bugs: AURORA-578 https://issues.apache.org/jira/browse/AURORA-578 Repository: aurora Description --- remove embedded jquery Diffs - src/main/python/apache/thermos/observer/http/assets/jquery.js 3774ff986139c8a7534e14bc8987fe80418dcc1b src/main/python/apache/thermos/observer/http/templates/filebrowse.tpl 511d7c06206ae5fd8a4206683f09348e1276b8c4 src/main/python/apache/thermos/observer/http/templates/index.tpl 3ccb6e841c932cb8bcb43b765e0b5aa8bc567f88 src/main/python/apache/thermos/observer/http/templates/logbrowse.tpl b182a4b331fbe8b9dd437194d195d220184a2f7c Diff: https://reviews.apache.org/r/23329/diff/ Testing --- Thanks, David Robinson