codidact / qpixel

Q&A-based community knowledge-sharing software
https://codidact.com
GNU Affero General Public License v3.0
385 stars, 68 forks

Selfhost static assets #106

Open ghost opened 4 years ago

ghost commented 4 years ago

Is your feature request related to a problem? Please describe.

Currently qpixel makes many third party requests to various CDNs.

While using third party CDNs doesn't speed up the load time of static assets (especially when using http/2) it's also not exactly beneficial for user privacy.

Additionally qpixel doesn't use CSP for scripts hosted on third party domains which is a security issue.

Describe the solution you'd like

Selfhosting all the static assets that are currently loaded using third party CDNs would solve performance issues caused by third party CDNs and increase the security of the web page (no more scripts loaded from third party domains).

Describe alternatives you've considered

Using SRI for script tags. However this wouldn't solve the privacy and performance issues.

ArtOfCode- commented 4 years ago

It's a balance. On one hand, if we want to self-host everything, we have to put in the time to collect, host, and maintain with updates all the files we're hosting. On the other, we can load from a CDN, which comes with some minor security considerations, but removes the burden of maintenance.

CDNs can also speed up the load time of static assets, depending on what CDNs you use and how they work. Loading things from Cloudflare's CDN, for example, is going to be faster than self-hosting for anyone who's not in the US - our app server is in the US, but Cloudflare has datacenters around the world that can serve static assets from closer to end-users. The same may be true of other CDNs; self-hosting those assets may remove or alter that benefit.

ghost commented 4 years ago

I see. Although it would be nice for qpixel to use SRI for scripts loaded from third party servers to at least mitigate the security issue.

On another note: have you considered loading all third party assets from the same CDN (e.g. load everything from jsdelivr or unpkg)? I could imagine that this would speed up the loading time of Qpixel.
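The SRI suggestion in this thread can be checked mechanically against rendered pages. The following is an added example, not qpixel code or anything posted in the issue: it computes `integrity` values and flags third-party scripts and stylesheets that lack SRI or the `crossorigin` attribute it depends on. The function names, `own_host`, and the `cdn.example`, `other-cdn.example` and `qa.example` hostnames are assumptions made for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

ALGS = ("sha256", "sha384", "sha512")  # SRI hash algorithms, weakest to strongest

def sri_value(body: bytes, alg: str = "sha384") -> str:
    """Integrity attribute value for the exact bytes the CDN serves."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, body).digest()).decode()}"

def matches(body: bytes, integrity: str) -> bool:
    """Browser rule: only hashes of the strongest listed algorithm count."""
    tokens = [t for t in integrity.split() if t.split("-")[0] in ALGS]
    if not tokens:
        return False  # no usable metadata, so nothing is verified
    best = max(ALGS.index(t.split("-")[0]) for t in tokens)
    return sri_value(body, ALGS[best]) in tokens

class AssetAudit(HTMLParser):
    def __init__(self, own_host: str):
        super().__init__()
        self.own_host, self.findings = own_host, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_css = tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split()
        url = a.get("src") if tag == "script" else a.get("href") if is_css else None
        host = urlparse(url or "").hostname
        if not host or host == self.own_host:
            return  # inline, relative or same-host asset
        if not a.get("integrity"):
            self.findings.append((url, "no integrity attribute"))
        elif "crossorigin" not in a:
            # without CORS the response is opaque and the integrity check fails
            self.findings.append((url, "integrity without crossorigin"))

def audit(html: str, own_host: str) -> list:
    parser = AssetAudit(own_host)
    parser.feed(html)
    return parser.findings

# Constructed sample page; hostnames and hash values are placeholders.
SAMPLE = """<link rel="stylesheet" href="/assets/application.css">
<link rel="stylesheet" href="https://cdn.example/lib.css">
<script src="https://cdn.example/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="//other-cdn.example/widget.js" integrity="sha384-PLACEHOLDER"></script>"""

if __name__ == "__main__":
    print(audit(SAMPLE, "qa.example"))
```

SRI only pins the bytes of a CDN-hosted file; the request still goes to the third party, which is the privacy point raised in the original report.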

cellio commented 1 year ago

@ArtOfCode- do we plan to do work here someday, or should we close this? (I can't tell from your comment and this is an old issue.)