VadimDez / ng2-pdf-viewer

📄 PDF Viewer Component for Angular
https://vadimdez.github.io/ng2-pdf-viewer/
MIT License
1.31k stars 421 forks source link

Do not use CDN by default #1135

Open studioromeo opened 2 months ago

studioromeo commented 2 months ago
Bug Report or Feature Request (mark with an x)
- [ ] Regression (a behavior that used to work and stopped working in a new release)
- [x] Bug report -> please search issues before submitting
- [x] Feature request
- [ ] Documentation issue or request

While convenient to use a CDN I do not think this should be the default for the component. As the recent issue with polyfill.io showed reliance on a CDN that we do not control can represent a security risk so it should be up to users of the component to opt into the use of a CDN rather than opt out.

Here is the code. I believe we should change this to use a locally installed pdf.js worker copy by default and defer to CDN if a consumer requests this behaviour. https://github.com/VadimDez/ng2-pdf-viewer/blob/2e15eea9b54f1f14e81f6f424b5c68d3ee54c0c2/src/app/pdf-viewer/pdf-viewer.component.ts#L247C11-L262

Appreciate this is quite a big change and would require a shift in usage of the component but keen to hear your thoughts. Thanks

shamoon commented 2 months ago

“Should” pretty much always implies not a bug report but in fact a feature/change request.

studioromeo commented 2 months ago

Ah this is why I also ticked the feature request box 😄