Open
0 of 4 issues completed
Description
@shainaraskas jun 30: for security reasons, we plan to replace any placeholder/fake URLs with non-hostable placeholder segments.
Remove segments that make a valid URL, including prefixes (http://) and TLDs (.com).
before:
<script src="https://<your-cdn-host>.com/path/to/elastic-apm-rum.umd.min-<version>.js" crossorigin></script>
after:
<script src="<your-url>/elastic-apm-rum.umd.min-<version>.js" crossorigin></script>
The placeholder <> can be adapted to use descriptive text for its purpose. For example, a placeholder for a splunk server might look like this:
server: <your-splunk-server-url>/<path>
original content:
Related to: elastic/apm-agent-rum-js#1611
In recent light of finding malicious actors abusing dummy links in our Docs, we'd like to do the following additional step
- [In the affected piece(s) of documentation, include a conspicuous security warning (e.g. a bright-colored box) advising users to "refrain from following any link to dummy URLs like [include non-clickable image copy of the original dummy URL] because threat actors are known to be misusing such URLs to distribute malware".
Please let me know if this is the correct repo.
Sub-issues
Metadata
Metadata
Assignees
Labels
No labels