STP must not make clients issue requests to 3rd-party sites
SUT:
- v2.0.0-rc4-armv7-musl on OpenWRT (on Cubietruck)
- isolated system without WAN network
- client connected to OpenWRT via LAN
Reproduction:
- start up STP on the server
- connect with client (web browser) to STP instance
Expected:
- STP start page shows up quickly, all connects go to the local network (default
192.168.1.1
for OpenWRT)
Actual:
- the client tries to connect to
code.jquery.com
and timeouts after ~1-2 minutes, then displays the landing page but the project logos for DuckDuckGo and LineageOS are missing
The requests affect two resources:
jquery-ui.css
jquery-ui.js
Affected pages I've seen so far:
- Main page
- Dashboard (in a project)
Other pages do not seem to issue the request.
Edited by Daniel Kulesz