Should serve static asset libraries locally


Static asset libraries such as jQuery, font-awesome, etc. are served from various CDNs on the internet. While convenient, this can cause problems for CTFs with no or unreliable internet access, in addition to being a security risk for XSS attacks if a CDN gets compromised.

Ideally, CTFd would include these files under /static and serve them up itself (or via a reverse proxy web server if desired).

$ grep -ER '"(https?:)?//[^"]+"' . | grep -E '<link|<script'
./CTFd/templates/admin/base.html:    <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/foundation/5.4.7/css/normalize.min.css" />
./CTFd/templates/admin/base.html:    <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/foundation/5.4.7/css/foundation.min.css" />
./CTFd/templates/admin/base.html:    <link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css">
./CTFd/templates/admin/base.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js"></script>
./CTFd/templates/admin/base.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/foundation/5.4.7/js/vendor/jquery.js"></script>
./CTFd/templates/admin/base.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/foundation/5.4.7/js/vendor/modernizr.js"></script>
./CTFd/templates/admin/base.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/marked/0.3.2/marked.min.js"></script>
./CTFd/templates/admin/base.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/foundation/5.4.7/js/foundation.min.js"></script>
./CTFd/templates/admin/base.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/foundation/5.4.7/js/foundation/foundation.topbar.min.js"></script>
./CTFd/templates/admin/editor.html:<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/codemirror/4.8.0/codemirror.css">
./CTFd/templates/admin/editor.html:<script src="//cdnjs.cloudflare.com/ajax/libs/codemirror/4.8.0/codemirror.min.js"></script>
./CTFd/templates/admin/graphs.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/d3/3.4.13/d3.min.js"></script>
./CTFd/templates/admin/graphs.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.0/c3.min.js"></script>
./CTFd/templates/admin/pages.html:<script src="https://cdnjs.cloudflare.com/ajax/libs/ace/1.2.0/ace.min.js"></script>
./CTFd/templates/admin/pages.html:<script src="https://cdnjs.cloudflare.com/ajax/libs/ace/1.2.0/theme-github.js"></script>
./CTFd/templates/admin/pages.html:<script src="https://cdnjs.cloudflare.com/ajax/libs/ace/1.2.0/mode-css.js"></script>
./CTFd/templates/admin/team.html:<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.0/c3.min.css">
./CTFd/templates/admin/team.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js"></script>
./CTFd/templates/admin/team.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/d3/3.4.13/d3.min.js"></script>
./CTFd/templates/admin/team.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.0/c3.min.js"></script>
./CTFd/templates/admin/teams.html:<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.0/c3.min.css">
./CTFd/templates/base.html:    <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/foundation/5.4.7/css/normalize.min.css" />
./CTFd/templates/base.html:    <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/foundation/5.4.7/css/foundation.min.css" />
./CTFd/templates/base.html:    <link rel="stylesheet" href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css" />
./CTFd/templates/base.html:    <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/8.3/styles/railscasts.min.css">
./CTFd/templates/base.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js"></script>
./CTFd/templates/base.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/foundation/5.4.7/js/vendor/jquery.js"></script>
./CTFd/templates/base.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/foundation/5.4.7/js/vendor/modernizr.js"></script>
./CTFd/templates/base.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/marked/0.3.2/marked.min.js"></script>
./CTFd/templates/base.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/8.4/highlight.min.js"></script>
./CTFd/templates/base.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/foundation/5.4.7/js/foundation.min.js"></script>
./CTFd/templates/base.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/foundation/5.4.7/js/foundation/foundation.topbar.min.js"></script>
./CTFd/templates/chals.html:<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.0/c3.min.css">
./CTFd/templates/chals.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js"></script>
./CTFd/templates/chals.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/d3/3.5.9/d3.min.js"></script>
./CTFd/templates/chals.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.10/c3.min.js"></script>
./CTFd/templates/profile.html:<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.0/c3.min.css">
./CTFd/templates/profile.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/d3/3.5.9/d3.min.js"></script>
./CTFd/templates/profile.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.10/c3.min.js"></script>
./CTFd/templates/scoreboard.html:<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.0/c3.min.css">
./CTFd/templates/scoreboard.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js"></script>
./CTFd/templates/scoreboard.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/d3/3.5.9/d3.min.js"></script>
./CTFd/templates/scoreboard.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.10/c3.min.js"></script>
./CTFd/templates/setup.html:<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/codemirror/4.8.0/codemirror.css">
./CTFd/templates/setup.html:<script src="//cdnjs.cloudflare.com/ajax/libs/codemirror/4.8.0/codemirror.min.js"></script>
./CTFd/templates/team.html:<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.10/c3.min.css">
./CTFd/templates/team.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/d3/3.5.9/d3.min.js"></script>
./CTFd/templates/team.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.10/c3.min.js"></script>
./CTFd/templates/teams.html:<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.0/c3.min.css">

Additionally, there seem to be multiple versions of certain assets being used from different templates.

Issue Analytics

  • State: closed
  • Created: 8 years ago
  • Reactions: 1
  • Comments: 5 (4 by maintainers)
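
An added example (not part of the original issue or of CTFd's code): a Python audit that lists the third-party hosts referenced by templates and stylesheets and flags libraries loaded at more than one version, the two problems the issue raises. The sample lines are constructed in the shape of the grep output above, and `/static/js/example-local.js` is a hypothetical local asset.

```python
import re
from collections import defaultdict

# Constructed sample in the "path:markup" shape of the grep output above.
# /static/js/example-local.js is a hypothetical local asset; it must be ignored.
SAMPLE = """\
./CTFd/templates/admin/team.html:<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.0/c3.min.css">
./CTFd/templates/admin/team.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/d3/3.4.13/d3.min.js"></script>
./CTFd/templates/chals.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/d3/3.5.9/d3.min.js"></script>
./CTFd/templates/chals.html:    <script src="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.10/c3.min.js"></script>
./CTFd/templates/base.html:    <link rel="stylesheet" href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css" />
./CTFd/templates/base.html:    <script src="/static/js/example-local.js"></script>
CTFd/themes/core/static/css/fonts.dev.css:@import url(https://use.fontawesome.com/releases/v5.9.0/css/all.css);
"""

# External reference in an HTML href/src attribute or a CSS @import url(...)
EXTERNAL = re.compile(
    r'''(?:href|src)=["']((?:https?:)?//[^"']+)|@import\s+url\(["']?((?:https?:)?//[^"')]+)''')
# ".../<library>/<version>/..." as it appears in the CDN paths on this page
LIB_VERSION = re.compile(r'/([A-Za-z][\w.-]*)/v?(\d+(?:\.\d+)+)/')

def external_refs(text):
    """Yield (file, host, url) for every asset loaded from another origin."""
    for line in text.splitlines():
        path, _, markup = line.partition(":")
        for m in EXTERNAL.finditer(markup):
            url = m.group(1) or m.group(2)
            host = url.split("//", 1)[1].split("/", 1)[0]
            yield path, host, url

def hosts(text):
    """Sorted list of third-party hosts the pages depend on."""
    return sorted({host for _path, host, _url in external_refs(text)})

def version_conflicts(text):
    """Map library -> {version: [files]} for libraries used at more than one version."""
    seen = defaultdict(lambda: defaultdict(set))
    for path, _host, url in external_refs(text):
        m = LIB_VERSION.search(url)
        if m:
            seen[m.group(1)][m.group(2)].add(path)
    return {lib: {v: sorted(files) for v, files in vers.items()}
            for lib, vers in seen.items() if len(vers) > 1}

if __name__ == "__main__":
    print("third-party hosts:", hosts(SAMPLE))
    for lib, vers in version_conflicts(SAMPLE).items():
        print(lib, vers)
```

An empty result from `hosts()` is the state the issue asks for: every asset served from CTFd's own origin.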

Top GitHub Comments

1 reaction
chateaulav commented, Feb 14, 2022

Delete the following values from the scss, and you will be good. This is simple to enable environments where internet connectivity needs to be blocked or you don't want to have the 30 sec lag when it tries to figure out it needs to load offline fonts.

CTFd/themes/core/assets/css/fonts.scss
@import url("https://use.fontawesome.com/releases/v5.9.0/css/all.css");
@import url("https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i|Raleway:400,400i,700,700i&subset=latin-ext");

CTFd/themes/core/static/css/fonts.dev.css
@import url(https://use.fontawesome.com/releases/v5.9.0/css/all.css);
@import url(https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i|Raleway:400,400i,700,700i&subset=latin-ext);

CTFd/themes/core/static/css/fonts.min.css
@import url(https://use.fontawesome.com/releases/v5.9.0/css/all.css);@import url(https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i|Raleway:400,400i,700,700i&subset=latin-ext);

0 reactions
ColdHeat commented, Feb 15, 2022

This is a very old issue but I think this change was partially reverted so that the CDN assets would be used if internet was available. But I’m okay with removing that in favor of hosting all assets via CTFd. But if you could make a new issue for tracking it’d be useful.
