Allow noscript fallback to be programmatically disabled

Question

Allow noscript fallback to be programmatically disabled

Closed this issue 10 years ago · 3 comments

Similar to what was proposed over in #17, it'd be awesome to have some way, either via an environmental variable, or via a site config to programmatically disable the HTTP request required by the fallback.

For one, as @tiagoamaro pointed out, for large sites, it significantly slows down generation. It'd be preferable, in that case, to have the gist tags there with no, non-javascript fallback, than to have the site not generate at all (with not-all including > 10 minutes).

For another, as we're looking to bump the version used in GitHub Pages, there's a bit of a DDoS concern. This can happen in two ways:

If we pause the worker queue for a minute or two, lets say 1000 builds pile up, and each site has 10 Gists, we've just flooded the Gist Raw endpoint with 10,000 near-simultaneous requests to a non-rate-limited endpoint.
A malicious user could create a site (or sites) with 1000s of Gists, and achieve the same ends any time they wanted.

It'd be awesome to be able to disable the non-javascript fallback entirely (and I suspect other users would want the option for themselves as well, especially for local development).

Edit: Glad to implement if there's consensus.

/cc #27

Answer 1 · 2015-11-26T21:10:25.000Z

Sounds great, Ben. How about

gist:
  fallback: false

Answer 2 · 2015-11-26T21:11:56.000Z

👍 to @parkr's idea.

Answer 3 · 2015-11-26T21:12:36.000Z

Or noscript as proposed in the other issue.