search

etix / mirrorbits

Mirrorbits is a geographical download redirector written in Go for distributing files efficiently across a set of mirrors.
MIT License
503 stars 91 forks source link

Consider bundling static files #135

Open zen-fu opened 1 year ago

zen-fu commented 1 year ago

By default, the Mirrorbits web UI currently loads static files (CSS/JS/fonts) from different upstream providers, which impacts users' privacy by leaking browsing habits to those providers.

Even though there are workarounds that could be implemented by individual user's (eg. using Tor) and sysadmins (eg. using LocalJSPath), Mirrorbits could also bundle those files to provide out-of-the-box mitigation for this issue for all Mirrorbits users.

The contrib/localjs/fetchfiles.sh could probably serve as part of the solution if it's integrated in the release workflow.

We were considering implementing the automated fetching and serving of static files in our Mirrorbits instance, but decided to ask here before proceeding, in case that's something Mirrorbits would consider solving upstream.

Thanks for the nice piece of software. :-)

jbkempf commented 10 months ago

Yes, this should be fixed upstream. Please send patches.