Almost all webpages today load resources from origins other than the one the page came from. These third-party scripts slow down your site, make it harder to write a strict Content-Security-Policy, and hand full access to your site to the third party. Using and edge-based proxying, there might be a better way.

Our Developer Hub is a great example of a statically generated website that serves most of its pages and resources from a cloud storage bucket (Google Cloud Storage in our case). But like many other websites, those pages also pull in resources from other domains.

- Sentry for reporting and aggregating JavaScript errors
- FormKeep for collecting user sentiment and feedback

These are pretty popular vendors - you might be using them on your own website. According to a 2020 study by Ghostery, a browser privacy assistant, the average news and media website has more than 10 third-party scripts for tracking alone.

Privacy, security, regulatory and performance problems

Undeniably, there are privacy problems with third-party scripts, especially those dedicated to behavioral tracking plugins, like Ghostery, are a great way for end users to protect their privacy. In fact, these protections are slowly being built more and more into browsers. Governments too are taking a stricter line. A junior court in Germany recently fined a website operator for using Google Fonts, on the basis that doing so shared the end user's IP address with Google. Still, although the website owner is the one that chooses to use these third party services, they don't really have much - if any - control over what the third party does or what data is collected. In fact, in some cases engineering teams may not know what is being loaded on the site at all if tools like Google Tag Manager are being used to delegate control over third-party scripts to other teams within the organization.

Perhaps if as developers, we had more direct control over the behavior of third-party scripts, we could better protect the interests of our end users, while still getting the benefit of whatever service the third party offers.

Throw in a few trackers, analytics, fonts, and so on, and suddenly your users are fetching things from 20, 30, 50, or even more domains. In practical terms, this means you can't write an effective Content-Security-Policy, browsers have to make multiple separate TCP connections to different servers (and therefore may not be able to prioritize efficiently), and your site's availability depends on the availability of all the third parties.

Proxying to the rescue

What if your font provider goes down or is blocked by some country and your website renders as a blank page? If you serve your website through Fastly, you already have an edge-deployed reverse proxy with best practice security and the latest protocol support, capable of presenting a single domain to the world and yet routing requests to multiple different backend servers. Many of our customers use this feature to create a microservices at the edge architecture. The same principle can be used to proxy many third-party scripts.

- is added to your Fastly service as a new backend.
- The tag in the HTML is modified to load from a local path, e.g.
- Requests to that path are transformed into the correct backend path by Fastly and routed to that backend.
- The library code served by the third party is fetched into Fastly and transformed as needed, for example, to find and replace the third party's data collector URL with your proxy endpoint (this can be somewhat risky, but we'll discuss this later).
- Subsequent requests made by the third-party script are sent to your Fastly service, inspected, and filtered as needed, then forwarded to the third party.

With this pattern in place, we can achieve the following benefits: