Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow more flexible handling of external dependencies in templates #1302

Closed
xamanu opened this issue Jul 2, 2023 · 3 comments
Closed

Allow more flexible handling of external dependencies in templates #1302

xamanu opened this issue Jul 2, 2023 · 3 comments
Labels
enhancement New feature or request stale Issue marked stale by stale-bot

Comments

@xamanu
Copy link
Contributor

xamanu commented Jul 2, 2023

Is your feature request related to a problem? Please describe.

The software currently creates a potential privacy breach by fetching data from an external website at runtime. This happens usually in the templates pulling in javascript, css and font files from https://unpkg.com and Google.

Describe the solution you'd like

It would be great to be able to set the path to external libraries with a variable, in order to use provide the libraries with a relative path and being served from the same web-server.

Additional context

Output from lintian, while packaging it for Debian and derivatives:

E: python3-pygeoapi: privacy-breach-uses-embedded-file You may use the libjs-bootstrap package. (https://unpkg.com/bootstrap@5.1.3/dist/css/bootstrap.min.css) [usr/lib/python3/dist-packages/pygeoapi/templates/_base.html]
E: python3-pygeoapi: privacy-breach-uses-embedded-file You may use the node-html5shiv package (virtual package). (https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.js) [usr/lib/python3/dist-packages/pygeoapi/templates/_base.html]
W: python3-pygeoapi: privacy-breach-generic [<link href="https://fonts.googleapis.com/css?family=montserrat:300,400,700|roboto:300,400,700" rel="stylesheet">] (https://fonts.googleapis.com/css?family=montserrat:300,400,700|roboto:300,400,700) [usr/lib/python3/dist-packages/pygeoapi/templates/openapi/redoc.html]
W: python3-pygeoapi: privacy-breach-generic [<link rel="icon" type="image/png" href="https://unpkg.com/swagger-ui-dist/favicon-16x16.png" sizes="16x16" />] (https://unpkg.com/swagger-ui-dist/favicon-16x16.png) [usr/lib/python3/dist-packages/pygeoapi/templates/openapi/swagger.html]
W: python3-pygeoapi: privacy-breach-generic [<link rel="icon" type="image/png" href="https://unpkg.com/swagger-ui-dist/favicon-32x32.png" sizes="32x32" />] (https://unpkg.com/swagger-ui-dist/favicon-32x32.png) [usr/lib/python3/dist-packages/pygeoapi/templates/openapi/swagger.html]
W: python3-pygeoapi: privacy-breach-generic [<link rel="stylesheet" href="https://unpkg.com/leaflet.markercluster/dist/markercluster.css"/>] (https://unpkg.com/leaflet.markercluster/dist/markercluster.css) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/items/index.html]
W: python3-pygeoapi: privacy-breach-generic [<link rel="stylesheet" href="https://unpkg.com/leaflet.markercluster/dist/markercluster.default.css"/>] (https://unpkg.com/leaflet.markercluster/dist/markercluster.default.css) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/items/index.html]
W: python3-pygeoapi: privacy-breach-generic [<link rel="stylesheet" href="https://unpkg.com/leaflet@1.3.1/dist/leaflet.css" />] (https://unpkg.com/leaflet@1.3.1/dist/leaflet.css) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/tiles/index.html]
W: python3-pygeoapi: privacy-breach-generic [<link rel="stylesheet" href="https://unpkg.com/leaflet@1.3.1/dist/leaflet.css"/>] (https://unpkg.com/leaflet@1.3.1/dist/leaflet.css) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/collection.html]
W: python3-pygeoapi: privacy-breach-generic [<link rel="stylesheet" href="https://unpkg.com/leaflet@1.3.1/dist/leaflet.css"/>] (https://unpkg.com/leaflet@1.3.1/dist/leaflet.css) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/edr/query.html]
W: python3-pygeoapi: privacy-breach-generic [<link rel="stylesheet" href="https://unpkg.com/leaflet@1.3.1/dist/leaflet.css"/>] (https://unpkg.com/leaflet@1.3.1/dist/leaflet.css) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/items/index.html]
W: python3-pygeoapi: privacy-breach-generic [<link rel="stylesheet" href="https://unpkg.com/leaflet@1.3.1/dist/leaflet.css"/>] (https://unpkg.com/leaflet@1.3.1/dist/leaflet.css) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/items/item.html]
W: python3-pygeoapi: privacy-breach-generic [<link rel="stylesheet" href="https://unpkg.com/leaflet@1.3.1/dist/leaflet.css"/>] (https://unpkg.com/leaflet@1.3.1/dist/leaflet.css) [usr/lib/python3/dist-packages/pygeoapi/templates/stac/item.html]
W: python3-pygeoapi: privacy-breach-generic [<link rel="stylesheet" type="text/css" href="https://unpkg.com/leaflet-coverage@0.7/leaflet-coverage.css">] (https://unpkg.com/leaflet-coverage@0.7/leaflet-coverage.css) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/edr/query.html]
W: python3-pygeoapi: privacy-breach-generic [<link rel="stylesheet" type="text/css" href="https://unpkg.com/swagger-ui-dist/swagger-ui.css" >] (https://unpkg.com/swagger-ui-dist/swagger-ui.css) [usr/lib/python3/dist-packages/pygeoapi/templates/openapi/swagger.html]
W: python3-pygeoapi: privacy-breach-generic [<script src="https://cdn.jsdelivr.net/npm/redoc@next/bundles/redoc.standalone.js">] (https://cdn.jsdelivr.net/npm/redoc@next/bundles/redoc.standalone.js) [usr/lib/python3/dist-packages/pygeoapi/templates/openapi/redoc.html]
W: python3-pygeoapi: privacy-breach-generic [<script src="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.3.1/leaflet.js">] (https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.3.1/leaflet.js) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/tiles/index.html]
W: python3-pygeoapi: privacy-breach-generic [<script src="https://unpkg.com/covjson-reader@0.16/covjson-reader.src.js">] (https://unpkg.com/covjson-reader@0.16/covjson-reader.src.js) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/edr/query.html]
W: python3-pygeoapi: privacy-breach-generic [<script src="https://unpkg.com/covutils@0.6/covutils.min.js">] (https://unpkg.com/covutils@0.6/covutils.min.js) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/edr/query.html]
W: python3-pygeoapi: privacy-breach-generic [<script src="https://unpkg.com/leaflet-coverage@0.7/leaflet-coverage.min.js">] (https://unpkg.com/leaflet-coverage@0.7/leaflet-coverage.min.js) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/edr/query.html]
W: python3-pygeoapi: privacy-breach-generic [<script src="https://unpkg.com/leaflet.markercluster/dist/leaflet.markercluster-src.js">] (https://unpkg.com/leaflet.markercluster/dist/leaflet.markercluster-src.js) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/items/index.html]
W: python3-pygeoapi: privacy-breach-generic [<script src="https://unpkg.com/leaflet.vectorgrid@latest/dist/leaflet.vectorgrid.bundled.js">] (https://unpkg.com/leaflet.vectorgrid@latest/dist/leaflet.vectorgrid.bundled.js) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/tiles/index.html]
W: python3-pygeoapi: privacy-breach-generic [<script src="https://unpkg.com/leaflet@1.3.1/dist/leaflet.js">] (https://unpkg.com/leaflet@1.3.1/dist/leaflet.js) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/collection.html]
W: python3-pygeoapi: privacy-breach-generic [<script src="https://unpkg.com/leaflet@1.3.1/dist/leaflet.js">] (https://unpkg.com/leaflet@1.3.1/dist/leaflet.js) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/edr/query.html]
W: python3-pygeoapi: privacy-breach-generic [<script src="https://unpkg.com/leaflet@1.3.1/dist/leaflet.js">] (https://unpkg.com/leaflet@1.3.1/dist/leaflet.js) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/items/index.html]
W: python3-pygeoapi: privacy-breach-generic [<script src="https://unpkg.com/leaflet@1.3.1/dist/leaflet.js">] (https://unpkg.com/leaflet@1.3.1/dist/leaflet.js) [usr/lib/python3/dist-packages/pygeoapi/templates/collections/items/item.html]
W: python3-pygeoapi: privacy-breach-generic [<script src="https://unpkg.com/leaflet@1.3.1/dist/leaflet.js">] (https://unpkg.com/leaflet@1.3.1/dist/leaflet.js) [usr/lib/python3/dist-packages/pygeoapi/templates/stac/item.html]
W: python3-pygeoapi: privacy-breach-generic [<script src="https://unpkg.com/swagger-ui-dist/swagger-ui-bundle.js">] (https://unpkg.com/swagger-ui-dist/swagger-ui-bundle.js) [usr/lib/python3/dist-packages/pygeoapi/templates/openapi/swagger.html]
W: python3-pygeoapi: privacy-breach-generic [<script src="https://unpkg.com/swagger-ui-dist/swagger-ui-standalone-preset.js">] (https://unpkg.com/swagger-ui-dist/swagger-ui-standalone-preset.js) [usr/lib/python3/dist-packages/pygeoapi/templates/openapi/swagger.html]
@xamanu xamanu added the enhancement New feature or request label Jul 2, 2023
@tomkralidis tomkralidis mentioned this issue Jul 3, 2023
Merged
2 tasks
@tomkralidis
Copy link
Member

tomkralidis commented Aug 21, 2023
edited

Thanks @xamanu. Some thoughts:

  • I'm not sure we need html5shiv anymore?
  • I think most of the dependencies can be pulled from unpkg.com? If this is the case, then we can support something like server.ui.assets_basepath, which would default to unpkg.com, else a directory path?
  • we could also add a pygeoapi bundle sync workflow, which downloads all assets into a directory tree for offline use

@totycro thoughts?

@tomkralidis tomkralidis mentioned this issue Aug 28, 2023
Merged
2 tasks
@github-actions GitHub Actions
Copy link

As per RFC4, this Issue has been inactive for 90 days. In order to manage maintenance burden, it will be automatically closed in 7 days.

@github-actions github-actions bot added the stale Issue marked stale by stale-bot label Mar 10, 2024
@github-actions GitHub Actions
Copy link

As per RFC4, this Issue has been closed due to there being no activity for more than 90 days.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Mar 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request stale Issue marked stale by stale-bot
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xamanu @tomkralidis