logo

Les options d’hébergement (anglais)

In its simplest version, Potions Tag is a line of code that simply fetches a javascript script hosted on Potions servers.
javascript
<script type="text/javascript" src="https://client.get-potions.com/[CLIENT_NAME]/potions.js" async> </script>
Potions offers two options to increase your IT security :
  • adding SRI to the Potions Tag
  • self-hosting Potions script
Both options come at the cost of less flexibility : when adding a feature to the script, you will have to
  • change the Potions Tag in case of SRI
  • replace the hosted script by the new one in case of self-hosting
Here are the details of each implementation

Potions hosted without SRI

javascript
<script type="text/javascript" src="https://client.get-potions.com/[CLIENT_NAME]/potions.js" async> </script>
Here is our setup to insure the best up time and response time.
Image without caption
PROS
  • Potions is responsible for the availability of the script
  • Hot deployments : Potions can add new features or fix without the need of your IT
CONS
  • Your website’s code can be altered if Potions servers are attacked

Potions hosted with SRI

The Potions Tag looks like this
javascript
<script src="https://client.get-potions.com/[CLIENT_NAME]/potions.js" integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC" crossorigin="anonymous" async></script>
Potions gives you this tag to setup on your website’s pages, including the integrity hash.
Every time the script needs to be changed (not that often)
PROS
  • Potions is responsible for the availability of the script
  • Protect websites from CDN attacks
  • Protect websites from any alteration of the script
  • Very low impact on fetching response time
CONS
  • Requires to change the tag whenever the script is modified

Self-hosting

The “Potions Tag” looks like this
javascript
<script src="https://[CLIENT_DOMAIN]/potions.js" async></script>
In this case Potions deposit the script on a SFTP and your IT gets it then host it on your servers.
PROS
  • Absolutely no dependance between your IT and Potion’s IT
CONS
  • Involves your IT whenever the script is modified.