[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-librejs] About non-free JavaScript files

From: P
Subject: Re: [Help-librejs] About non-free JavaScript files
Date: Mon, 15 Jul 2019 15:00:03 +0100

Hi Saygılarımızla,

If you are able to, add a Content Security Policy (CSP) header to the HTTP headers. That would disallow non-approved scripts from running, even if included in the page body.

If you set it to:

Content-Security-Policy: script-src 'self';

then it will only host scripts hosted on your own domain. If you set it to 'none', then no JS will be loaded at all.

If you are not able to edit the HTTP header, then it is also possible to add CSP rules in a <meta> tag.

Hope that helps.


On 15/07/2019 13.38, The FLOSS Information wrote:
Since I am using a content management system, it will be difficult to remove some non-free _javascript_ files. I agree with you about Disqus.
15.07.2019, 15:08, "Dmitry Alexandrov" <address@hidden>:

The FLOSS Information <address@hidden> wrote:

 I think there are non-free _javascript_ files on my blog. It seems to be a bit difficult for me to throw them out because Disqus and Google Custom Search are offered on my content management system. What can I do?

You can stop using Google Custom Search and Disqus, of course. As for Google, the freedom-friendly replacement is rather straightforward, as Google _does_ allow you to embed their normal search (which, as you know, works well with no any client-side programs), if you know the magic option. MWE:


As for Disqus, I am not aware of any direct replacement. The approach itself, that is placing the initial post of the thread on your own website, while outsourcing replies to it to some third-party network, actually, looks dubious to me.

The FLOSS Information

reply via email to

[Prev in Thread] Current Thread [Next in Thread]