Support non-CDN resources

google / docsy

A set of Hugo doc templates for launching open source content.

https://docsy.dev

Apache License 2.0

2.63k stars 905 forks source link

Support non-CDN resources #605

Open fnetX opened 3 years ago

fnetX commented 3 years ago

Downloading resources from CDNs (esp. those who are behind Cloudflare) is questionable from a users' privacy perspective. Technically, they even have to be mentioned in the privacy statement as of German law here.

What do you think about adding a config option for not relying on external providers. When you don't want to update all dependencies in your repository, I'd even be fine manually overriding the URLs and updating them manually.

It'd be nice to hear your opinion and if this project is suitable for people caring about privacy at all, or if we should rather avoid it.

LisaFC commented 3 years ago

I'm not sure how this would work as a config option, but you can always create your own copies of the relevant layouts and just put in your own URLs.

@gwatts, you mentioned this in #432, interested to hear your thoughts.

dominikh commented 3 years ago

I'm not sure how this would work as a config option, but you can always create your own copies of the relevant layouts and just put in your own URLs.

One possibility would be providing a URL to the resource in an option, which possibly defaults to a CDN for backwards compatibility. Devs concerned with privacy/the GDPR can put the appropriate files in their /static and link to those.

Natureshadow commented 2 years ago

Oh great. I just migrated my site to this theme, only to find it to load an incredible amount of external resources, completely ignoring any privacy regulations.

I should have known when seeing that it is made by Google…

fnetX commented 2 years ago

For everyone landing here, I just want to recommend having a look at https://squidfunk.github.io/mkdocs-material/ - we went with it after docsy wasn't what we were looking for. It's awesome, somewhat lightweight compared to the amount of features, and the community is nice. :wink:

heinrich-ulbricht commented 2 years ago

As heads-up: this topic currently gets some traction in Germany. People are getting fined for pulling in fonts from Google servers because this gives their IP address (which seems to be PII) to Google, without user consent. -> https://www.golem.de/news/google-fonts-abmahnungen-an-webseitenbetreiber-mit-google-schriftarten-2208-167472.html

chalin commented 2 years ago

Hi @fnetX! IMHO, this is a very reasonable request, and quite doable (since Hugo v0.90+). Sorry to see you go. Thanks for the link to Material for MkDocs, the resulting sites look amazing! I'm hoping that we can get inspiration from them.