Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent loading resources from third party CDN #4598

Merged
merged 2 commits into from
Jul 6, 2018
Merged

Prevent loading resources from third party CDN #4598

merged 2 commits into from
Jul 6, 2018

Conversation

markuspoerschke
Copy link
Contributor

@markuspoerschke markuspoerschke commented May 28, 2018
edited
Loading

Description

  • Usage of Google Fonts was removed.
  • System fonts are used instead.

Motivation and Context

  • Remove usage of Google Fonts to avoid any data protection issue.
  • Using a CDN will leak data to a third party that can be simply avoided by using system fonts instead.
  • Usage of CDNs can cause legal issues in EU countries.

Checklist

My PR contains...

  • No code changes (src/ is unmodified: changes to documentation, CI, metadata, etc.)
  • Dependency changes (any modification to dependencies in package.json)
  • Bug fixes (non-breaking change which fixes an issue)
  • Improvements (misc. changes to existing features)
  • Features (non-breaking change which adds functionality)

My changes...

  • are breaking changes to a public API (config options, System API, major UI change, etc).
  • are breaking changes to a private API (Redux, component props, utility functions, etc.).
  • are breaking changes to a developer API (npm script behavior changes, new dev system dependencies, etc).
  • are not breaking changes.

Documentation

  • My changes do not require a change to the project documentation.
  • My changes require a change to the project documentation.
  • If yes to above: I have updated the documentation accordingly.

Automated tests

  • My changes can not or do not need to be tested.
  • My changes can and should be tested by unit and/or integration tests.
  • If yes to above: I have added tests to cover my changes.
  • If yes to above: I have taken care to cover edge cases in my tests.
  • All new and existing tests passed.

@markuspoerschke
Prevent loading resources from third party CDN
d081171 
Remove usage of Google Fonts to avoid any data protection issue. Using a
CDN will leak data to a third party that can be simply avoided by using
system fonts instead.

Furthermore the usage of CDNs can cause legal issues in EU countries.
@GuilhemN GuilhemN mentioned this pull request May 28, 2018
Closed
@shockey
Copy link
Contributor

shockey commented Jun 1, 2018

I'd hate to see our pretty fonts go away, but I do recognize the weight of potential GDPR issues. As was discussed downstream, we could look at making this a configuration option (perhaps something generic like useExternalResources).

@webron, thoughts?

@markuspoerschke
Copy link
Contributor Author

The used fonts are licensed as following:

  • Open Sans: Apache
  • Source Code Pro: SIL Open Font License
  • Tittilium Web: SIL Open Font License

See: https://fonts.google.com/attribution

Therefore the alternative of using the Google Fonts API is to bundle the fonts directly with the build of Swagger and add it to the distribution. Then no external resources are needed and still the pretty fonts can be used.

@shockey shockey merged commit 875caab into swagger-api:master Jul 6, 2018
@shockey
Copy link
Contributor

shockey commented Jul 6, 2018

thanks @markuspoerschke!

@shockey shockey mentioned this pull request Jul 6, 2018
Closed
@shockey shockey mentioned this pull request Aug 23, 2018
Closed
papandreou added a commit to papandreou/swagger-ui that referenced this pull request Aug 28, 2018
@papandreou
Remove one remaining reference to Titillium (Google Web Fonts)
fd2a3d3 
Follow up to swagger-api#4598
@papandreou papandreou mentioned this pull request Aug 28, 2018
Merged
17 tasks
papandreou added a commit to papandreou/swagger-ui-express that referenced this pull request Aug 28, 2018
@papandreou
Don't load the Google Web Fonts CSS anymore
d7eaed3 
swagger-ui 3.17.3 included this PR, which stopped using Google Web Fonts:
swagger-api/swagger-ui#4598

... So it's no longer necessary to load the Google Web Fonts CSS
anymore.
papandreou added a commit to papandreou/swagger-ui-express that referenced this pull request Aug 28, 2018
@papandreou
Don't load the Google Web Fonts CSS anymore
ead61ab 
swagger-ui 3.17.3 included this PR, which stopped using Google Web Fonts:
swagger-api/swagger-ui#4598

... So it's no longer necessary to load the Google Web Fonts CSS.
@papandreou papandreou mentioned this pull request Aug 28, 2018
Merged
shockey pushed a commit that referenced this pull request Sep 6, 2018
@papandreou @shockey
fix: remove remaining reference to Titillium webfont (via #4840)
f1224e5 
Follow up to #4598
manicki added a commit to manicki/hapi-swaggered-ui that referenced this pull request Apr 12, 2019
@manicki
Do not load fonts from the third-party CDN
2b8dc21 
Following the change in the swagger-ui:
swagger-api/swagger-ui#4598
@manicki manicki mentioned this pull request Apr 12, 2019
Open
bvanderlaan pushed a commit to bvanderlaan/swagger-ui-restify that referenced this pull request May 3, 2019
@papandreou @bvanderlaan
Don't load the Google Web Fonts CSS anymore
a2a6fb4 
swagger-ui 3.17.3 included this PR, which stopped using Google Web Fonts:
swagger-api/swagger-ui#4598

... So it's no longer necessary to load the Google Web Fonts CSS.

(cherry picked from commit ead61ab)

Conflicts:
	indexTemplate.html
@alanpoulain alanpoulain mentioned this pull request Mar 4, 2021
Merged
@jon4hz jon4hz mentioned this pull request Sep 30, 2021
Open
@pklanka pklanka mentioned this pull request Aug 7, 2022
Closed
JuanSW18 pushed a commit to Digital-Paw/digital-paw-swagger-ui that referenced this pull request Aug 23, 2024
@markuspoerschke @shockey
improvement: prevent loading resources from third party CDN (via swag…
f36e638 
…ger-api#4598)

Remove usage of Google Fonts to avoid any data protection issue. Using a
CDN will leak data to a third party that can be simply avoided by using
system fonts instead.

Furthermore the usage of CDNs can cause legal issues in EU countries.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shockey shockey shockey approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@markuspoerschke @shockey