Forum OpenACS Development: Re: Cannot import JQuery

2: Re: Cannot import JQuery (response to 1)
Posted by Gustaf Neumann on
First of all, if you do not want to use CSP, then deactivate it via kernel parameters (set CSPEnabledP to 0), then no CSP checking will be performed, same as ever.

If you want to use CSP, make yourself familiar and read [1]. When including jquery, use always the templating API [2] for including content, and when you want to use a CDN, make sure to allow these external resources via "security::csp::require ...".

When you use the preview version of OpenACS 5.10 (from the oacs-5-10 branch), it is recommended to use URNs [3], which act like an registry for resources, where it can be managed at one place what internal or CDN resources are loaded (e.g. for the rich-text editors), where where some themes might already include certain resources (like jquery in the bootstrap themes).

Note, that several versions of jquery have security problems, such that currently jquery 3.4.0 is recommended. Several people recommend, to avoid jquery when possible (see e.g. [4]).

Hope, this helps.