Loading JavaScript from non-localhost while running the application locally #9
Labels
enhancement
New feature or request
Comments
|
Yes, you are right. I will consider excluding analytics when run locally. Will update this issue when implemented. For now, just block the script locally in your browser. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As I need to enter my vanmoof credentials into this application I'm quite cautious about where this data might end up.
So I installed the application locally and opened it in the browser, checking if any sources are loaded that do not come from localhost, which would eventually put me at risk of having my vanmoof credentials stolen.
Unfortunately I realized that this is the case. The application loads a script from the authors site. ( https://plausible.grossartig.io/js/script.js )
I'm not implying that this happens out of malice and that the author of the script is trying to steal credentials. If I understand it correctly this script is used for analytics and tracking.
However I would recommend to not load that script (at least if the application is running locally) in order to keep up trust in the system that the author created.
The text was updated successfully, but these errors were encountered: