sandbox iframe used for github star

[sonalkr132]

iframe only needs permission to excute script and open new window.
It doesn't need other permission like form submission, navigation of
top-level browsing content etc. Sandboxing is not supported by IE 10
and below.
Read: https://msdn.microsoft.com/en-us/hh563496

[simi]

I'm not sure if using 3rd party (even used script is not from GitHub itself) application in iframe is the best solution here.

[sonalkr132]

This makes me scared 😱

I have only seen ghbtns used in static website like a github page for ones library. At least we should have content security policy in place first.
I would still suggest what cocapods does. They use a different app to update a separate table for github metrics. They blogged a few details but one can always get the story together from their repo.
Stars icon is no magic, we can build of our own.

[simi]

I think that's not needed. We can get numbers from GH and vendor button styles.

[sonalkr132]

What about rate limits of Github API? I hope eventually we will show open issue and pull requests as well.

[simi]

I mean on client side.

[sonalkr132]

I am not sure if doing it on client side would be a feasible solution either. We will be making unauthenticated requests to github api and rate limit for that is 60 requests per hour.
Given that they use ip address to track the rate limit, can you suggest how we can deal with scenario where our multiple users are on the same network and they have same public ip address?

[sonalkr132]

Turns out we are already making requests to github api 😂 ghbtns probably just provides icon and style.

We should so remove this 🙅‍♂️ @dwradcliffe what do you say?

[dwradcliffe]

I'm totally ok with removing the 3rd party part and doing this ourselves. 👍 I'd like to keep the github api stuff client side though.

[simi]

@dwradcliffe I can try to craft this.

[dwradcliffe]

Is this still valid?

[sonalkr132]

See #1827