bump?

Don't know if it's policy to create separate issues on the same topic, but the csp also has two outdated urls for discord:
cdn.discordapp.com and discordapp.com have been changed to media.discordapp.net

PR https://github.com/miraheze/puppet/pull/3444

Form has not been filled out. Please reopen once the form has been filled out in its entirety with all questions on the form answered completely. Thanks.

That sounds good, I'll see if I can download the font later. Thanks! 👍

As a quickfix, why not upload the font onto your wiki in the meanwhile (of course, making sure to attribute copyright to Adobe)?

Can I fill this in? If so:

Let's not start here please. What I would say though is that users themselves should decide whether they subscribe to a task, others shouldn't need to decide for them.

In T10577#218198, @OrangeStar wrote:

In T10577#218197, @BrandonWM wrote:

Why was OrangeStar removed as a subscriber? Seeing they have been re-added, so that's good, just was confused as they're a MediaWiki Engineer.

Are you for real? Take a look at Meta's RC and Phab's latest changes

In T10577#218197, @BrandonWM wrote:

Why was OrangeStar removed as a subscriber? Seeing they have been re-added, so that's good, just was confused as they're a MediaWiki Engineer.

Why was OrangeStar removed as a subscriber? Seeing they have been re-added, so that's good, just was confused as they're a MediaWiki Engineer.

OK, well, I have explained it now. Sorry for not catching you before.

In T10577#218176, @Naleksuh wrote:

@Agent_Isai This form is inapplicable. For example, one of the forms asks about "user data" even though there is no user data anywhere there. It is a static site

Removing me from subscribers? Pretty funny.

@Agent_Isai This form is inapplicable. For example, one of the forms asks about "user data" even though there is no user data anywhere there. It is a static site

No response. Please reopen once details are filled in.

@Naleksuh Please fill out the form in this task. Thanks.

@Reception123 For the root domain naleksuh.com, yes, no-one but me can upload any files there. Some of the subdomains and other domains I have do contain wikis and such that anyone can write to. But I am only asking for naleksuh.com right now

Are you able to give assurances that your website does not and will never collect any kind of personal data that would be covered by the GDPR?

In T5869#210999, @Revival wrote:

There are still issues which prevent many images from showing.

Currently only their main domains are whitelisted:

'imgbb.com'
'postimages.org'

However those 2 sites use multiple (sub-)domains to store the images, more (sub-)domains have to be whitelisted.

Regarding imgbb.com, those additional lines are required:

'*.imgbb.com'
'simgbb.com'
'*.simgbb.com'
'ibb.co'
'*.ibb.co'

Regarding postimages.org, those additional lines are required:

'*.postimages.org'
'postimgs.org'
'*.postimgs.org'
'postimg.cc'
'*.postimg.cc'

Thank you.

Per @OrangeStar and T9457#194407, unless that changes we can't accept this.

Just noting that toolforge hasn't had much luck in CSP reviews (T8131, T9457), and this is unlikely to be an exception.

This task has generated a lot of debate and both sides have been considered, as well as observations by the T&S team in the T9252 task. Unfortunately, I have come to the conclusion that the different concerns expressed by T&S in that previous task have not been sufficiently addressed and the circumstances mentioned haven't changed since then. In addition, a CSP whitelist addition requiring so much debate and back and forth is in itself an indication that there are concerns to be had.

There are still issues which prevent many images from showing.

It works, thank you very much.

I have now moved it to img-src. It may take a few minutes to start working though.

It looks like it needs to be added to img-src, as it's still not working:

Since Google has been approved in T7872 and this is part of Google/YouTube approved and added.