Closed arsinclair closed 2 years ago
Hello and thank you for bringing this to our attention. You’re right that disableIxlibParam
isn’t working as intended; we’ve identified the cause of the issue internally and should be rolling out a fix sometime this upcoming week.
In the past, the library parameter has been useful for users who write in to our support channel. Having information on-hand like the library where the request originated from has allowed us to provide smoother support more quickly. The good news is that with the subsequent fix we are making, you should be able to globally disable the library parameter through the gatsby-config file [1 ][2 ].
In terms of the differences between disableIxlibParam
and includeLibraryParam
, this is mostly a difference of usage and scope. disableIxlibParam is used as a setting in gatsby-config.js
, letting the user for instance disable the ixlib paramters by default, while includeLibraryParam
is used on a function by function basis, letting the user override their global setting depending on their need. You’re absolutely right that our documentation is unclear on this point, and we’re planning on updating that alongside our fix.
It's good to know this is a bug. Do you have a time estimate when the fix will be ready?
Hi @arsinclair, we're still working on this. We don’t currently have an ETA for when we’ll be deploying a fix, but we’ll make sure update this thread when we do.
Hi @arsinclair, we've deployed our fix for this issue in 2.0.4. Thank you again for reporting this, and please don't hesitate to comment on this issue if we missed something and I'll be sure to re-open it.
https://domain.net/image.jpg?ixlib=gatsbySourceUrl-2.0.2
. When it is set to true, the URLs look like this:https://domain.net/image.jpg?ixlib=js-3.5.1
.I expect that
disableIxlibParam
should disable any variation of ixlib param.Another question is why something that's claimed to be a diagnostic mechanism is enabled by default? Can we switch it off by default? Imagine that a security vulnerability is found in a specific version of a plugin. Exposing the version of the library in the URLs of every image can expedite identification of many vulnerable sites that use this specific version.
The documentation (README.md) has some discrepancies: sometimes it says that do disable the ixlib param, one needs to set
includeLibraryParam
tofalse
, other times it says that in order to disable it,disableIxlibParam
should be set totrue
. None of this settings (and their combination) allows to disable the version of the library entirely.Information: