ICIJ / prophecies

An ICIJ app to conduct data validation and cleaning.
https://icij.gitbook.io/prophecies
GNU Affero General Public License v3.0

privacy & offline use issue: google fonts from CDN #200

Closed gabriel-v closed 7 months ago

gabriel-v commented 7 months ago

When self-hosting this I see a lot of CDN fetches for google fonts:

Screenshot from 2024-03-20 12-48-26

This is a significant privacy problem as this enables the corporation to do tracking and surveillance on the group using the application.

This is also a functional problem if the prophecies container is hosted in an offline environment (on LAN/intranet without internet) -- I expect the fallback fonts to be uglier than the intended google fonts.

They can also be a page load performance problem, as I can see they are never cached, so they will delay all page loads by a few 100-300ms.

The Gravatar connection, by comparison, is easy to take out, just edit the Settings in the Admin UI.

Questions:

Thanks!

pirhoo commented 7 months ago

Hi @gabriel-v, thanks for raising the issue. You are right, we should replace this with self-hosted font faces. We won't be able to work on it this week but I can add it to the current sprint backlog.

gabriel-v commented 7 months ago

Thanks for the quick reply!

I can attempt to contribute a fix this week even though my JavaScript abilities are limited. Let me know if this download source would be OK or you have a different source in mind for the fonts.

pirhoo commented 7 months ago

It's mostly SCSS work and building a font face with a generator (there are plenty online). To download the font family I would rather use Google Fonts directly, as they allow downloading the files.
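
A check that could run in CI once the fonts are self-hosted, to confirm that no stylesheet or template still fetches from the Google Fonts hosts. This is an added example, not code from the prophecies repository; the sample CSS/HTML, the file names and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts that serve Google Fonts stylesheets and font files.
GOOGLE_FONT_HOSTS = {"fonts.googleapis.com", "fonts.gstatic.com"}

# url(...) in CSS/SCSS, @import "..." and href/src attributes in HTML.
REF_PATTERNS = [
    re.compile(r"""url\(\s*['"]?([^'")\s]+)""", re.I),
    re.compile(r"""@import\s+['"]([^'"]+)['"]""", re.I),
    re.compile(r"""(?:href|src)\s*=\s*['"]([^'"]+)['"]""", re.I),
]

def external_host(ref):
    """Return the host of an absolute or protocol-relative URL, else None."""
    if ref.startswith("//"):
        ref = "https:" + ref
    parts = urlsplit(ref)
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def find_remote_refs(text, name="<input>"):
    """List (name, line_no, host, url) for every absolute http(s) reference."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for pattern in REF_PATTERNS:
            for ref in pattern.findall(line):
                host = external_host(ref)
                if host:
                    findings.append((name, line_no, host, ref))
    return findings

def google_font_refs(findings):
    """Keep only the findings that point at a Google Fonts host."""
    return [f for f in findings if f[2] in GOOGLE_FONT_HOSTS]

# Constructed sample input (not taken from the prophecies code base).
SAMPLE_CSS = """\
@import url("https://fonts.googleapis.com/css2?family=Example+Sans");
@font-face {
  font-family: "Example Sans";
  src: url("/static/fonts/example-sans.woff2") format("woff2");
}
.logo { background: url(//fonts.gstatic.com/s/example/v1/example.woff2); }
"""
SAMPLE_HTML = '<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Example">\n'

if __name__ == "__main__":
    for f in find_remote_refs(SAMPLE_CSS, "app.css") + find_remote_refs(SAMPLE_HTML, "index.html"):
        print("%s:%d  %s  %s" % f)
```

The self-hosted `/static/fonts/...` source on line 4 of the sample is not reported; only the three references that leave the origin are.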