update cdn links

[gdw2]

jsdelivr.net has updated their url scheme. The old style only has graphiql through version 0.10.x, but the new style supports through the latest (0.11.10 as of today).

[HeyHugo]

I need this 🙏 Having history pane in graphiql with newer versions is great.

[simonclouds]

@HeyHugo Dose the new version contain this history button? I use 1.4.1, but no.

[HeyHugo]

@simonclouds You can pass an argument graphiql_version to the graphql view to request a specific version. Currently I've modified my local flask-graphql with this PR so when I register my endpoint for graphql with graphiql it looks like this:

graphql_api = Blueprint('graphql', __name__)

graphql_api.add_url_rule(
    '/graphql',
    view_func=GraphQLView.as_view(
        'graphql',
        schema=schema,
        graphiql=True,
        graphiql_version='latest'
    )
)

And I get the latest version of graphiql

[simonclouds]

@HeyHugo Thanks a lot ! I just found that too in graphene_django.views when I looked into a django project, and I found the follow

class GraphQLView(View):
    graphiql_version = '0.10.2'
    graphiql_template = 'graphene/graphiql.html'

    schema = None
    graphiql = False
    executor = None
    middleware = None
    root_value = None
    pretty = False
    batch = False

after give the graphiql_version = '0.10.2' , I get the history button.

[nfisher]

From a security perspective I think it would be good to include Subresource Integrity/SRI in the tags. An example of the risk that SRI helps prevent is JS crypto-miners among other attacks where the CDN and/or publisher has been compromised; https://www.wordfence.com/blog/2018/02/cryptomining-javascript-supply-chain-attack/

As a result I think it's probably easier to maintain through copy-pasting the whole tag rather than templating the version. cdnjs as an example provides a "link with SRI" copy facility for most assets.