Reliance on Alibaba CDN for Ant icon loading?

  • Resolved slapbox

    (@slapbox)


    3 years, 10 months ago

    Is there some way that you can disable this? Are these scripts loaded for non-administrator users? You’d think that would be easy to test, but right now for me it isn’t.

    If the CDN is used only for administrators, okay.

    If the CDN is used for all logged in users of any role, meh.

    If the CDN is used for non-logged in users, I will definitely have to find another plugin.

    It may seem like a small thing, but it’s a privacy concern in my view. The same could be said of other CDNs, but other popular CDNs aren’t run by a company that’s subject to Chinese rule.

    Thanks for reading and for your great work. This is the only place I can find fault.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author devowl.io GmbH

    (@devowl)

    3 years, 10 months ago

    Hi slapbox,

    Thank you for contacting us. We were not aware of this issue, which seems to be introduced by updating one of our dependencies that we use in the Real Media Library.

    We have discussed the problem and will try to find a solution in the next few days to deliver the font with the Ant symbol as part of the plugin (hosted in your WordPress instead of Alibaba CDN) as it simplifies the plugin in terms of GDPR and similar laws.

    However, the font Ant icon is only loaded for logged-in users in the WordPress backend when they are in the media library or in the “Insert Media” dialog. So as far as I understand you, this is the best case for your purpose.

    We will keep you up-to-date in this thread as soon as a solution to remove the dependency to Alibaba CDN is available.

    Best,

    Jan

    Thread Starter slapbox

    (@slapbox)

    3 years, 10 months ago

    Hey Jan thanks for your reply!

    The fonts actually attempt to load on our front-end when logged in, not only in the dashboard, and definitely not only the Media page. As soon as a I login as an administrator the fonts start trying to load, even if I’m simply viewing the homepage of our site. Can you confirm this on your end?

    I’m encouraged by your response and hope to see this resolved soon! Thanks so much!

    Thread Starter slapbox

    (@slapbox)

    3 years, 10 months ago

    Another strange related thing, on the actual media library page I see this other failed request:

    Refused to load the image 'http://dashicons%20dashicons-category/' because it violates the following Content Security Policy

    I assume whatever that’s supposed to be linked to is broken? I know it’s being blocked by our CSP, but it’s invalid to begin with.

    Thread Starter slapbox

    (@slapbox)

    3 years, 10 months ago

    I’m also noticing, looking at the homepage in Asset Cleanup – 18 files are being loaded on the front-end of the site – even things like React translation library: /wp-content/plugins/real-media-library-lite/public/lib/i18n-react/dist/i18n-react.umd.min.js and MobX

    I think a lot of things are being loaded on the front end that are not intentional. All in all these total at least 500kb.

    Plugin Contributor Matthias Günter

    (@mguenter)

    3 years, 10 months ago

    Hi @slapbox!

    Sorry for the delayed answer.

    As soon as a I login as an administrator the fonts start trying to load, even if I’m simply viewing the homepage of our site. Can you confirm this on your end?

    You can deactivate this behavior in Settings > Media > “Load RML on frontend”. This happens only for logged-in users to ensure media management for page builders, too.

    I assume whatever that’s supposed to be linked to is broken? I know it’s being blocked by our CSP, but it’s invalid to begin with.

    Can you please send a screenshot where this happens? Unfortunately I can not reprocedure this issue.

    I think a lot of things are being loaded on the front end that are not intentional. All in all these total at least 500kb.

    The scripts are only loaded – as mentioned before – only when you are a logged-in user with permissions to upload_files. You can deactivate this in Settings > Media.

    Regards,
    Matthew 🙂

    Thread Starter slapbox

    (@slapbox)

    3 years, 10 months ago

    Ah that works, thank you!

    This is what I see on the Media Library page. It’s rightfully blocked by our CSP, but it also seems impossible that it’s valid to begin with. https://imgur.com/a/8tSYrpy

    Is it still planned to remove the need for the CDN though? Updating our security policy to get the icons is a pain. Otherwise, great plugin! Thanks for all your help!

    Plugin Contributor Matthias Günter

    (@mguenter)

    3 years, 10 months ago

    Hi @slapbox !

    Thanks for your reply. Yeah, we are currently working on a solution for this to remove the need of the CDN. An update will be released this week.

    From the screenshot, where do you get this issue? The icon is never used in the media library.

    Best regards,
    Matthew 😎

    Thread Starter slapbox

    (@slapbox)

    3 years, 10 months ago

    Whoops! @mguenter the dashicon thing isn’t from RML, it just happened to appear on the Media Library alongside the other failed requests. After a grep on our server I found that it’s actually from our theme, but it doesn’t appear consistently which tricked me.

    So we’re all set as soon as the CDN thing is resolved. Thanks so much for your help!

    Plugin Contributor Matthias Günter

    (@mguenter)

    3 years, 10 months ago

    Hi @slapbox !

    We just released a new version of the plugin. Please give it a try and let us know if it works on your site!

    Regards,
    Matthew 😁

    Thread Starter slapbox

    (@slapbox)

    3 years, 10 months ago

    @mguenter, looks great! Thanks so much!

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Reliance on Alibaba CDN for Ant icon loading?’ is closed to new replies.