Why shouldn't I use scripts.mit.edu/~locker URLs?
Early versions of the scripts.mit.edu webhosting platform used URLs of the form http://scripts.mit.edu/~locker/ (or https://scripts-cert.mit.edu/~locker/). Those URLs still work, but have long since been deprecated in favor of URLs like https://locker.scripts.mit.edu/. Current autoinstallers and documentation all use the new form of the URLs (if you find exceptions, please contact us).
The older ~ form of URLs, in addition to being aesthetically unpleasing, is incompatible with the modern web’s security model. Under the “same-origin policy”, browsers consider a site at https://scripts.mit.edu/~locker/ to be run by the same group as one at https://scripts.mit.edu/~evil/, and allow JavaScript from the latter to interfere with the former. (You can read more at Wikipedia or the Mozilla Developer Network.) As a result, using ~ URLs is discouraged and will stop working entirely at some point in the future.
| Previous: | May I include that stylish "powered by scripts" image on my website? |
| Next: | How do I enable file uploads to my MediaWiki? |
These pages may be reused under either the GFDL 1.2 or CC-BY-SA 3.0.
Questions? Contact scripts@mit.edu.
You are currently connected to cats-whiskers.mit.edu.
