Foundation.mozilla.org: Examine Optimizely integration & security

Created on 1 Jun 2017  路  3Comments  路  Source: mozilla/foundation.mozilla.org

@gvn - can you add a summary here? I don't think we need to start this work now, just want to make sure we capture the info. For later this month or next. cc @alanmoo

engineering
Source
picture xmatthewx

Most helpful comment

Good decision! 馃憤

picture gvn on 10 Jan 2019
😄2

All 3 comments

Fundamentally, Optimizely requires us to weaken our content security policy to allow inline script execution, which opens an attack vector.

Aside from that, it also allows code to be added to our sites (and directly to production) by anyone with Optimizely credentials that hasn't been given a proper review (although, we could set a policy to address that issue).

gvn picture gvn on 2 Jun 2017

I believe we are no longer using Optimizely.

kristinashu picture kristinashu on 10 Jan 2019
🎉1

Good decision! 馃憤

gvn picture gvn on 10 Jan 2019
😄2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

kristinashu picture kristinashu  路  3Comments
sabrinang picture sabrinang  路  5Comments
benhohner picture benhohner  路  4Comments
taisdesouzalessa picture taisdesouzalessa  路  3Comments
taisdesouzalessa picture taisdesouzalessa  路  5Comments