search

mdn / content

The content behind MDN Web Docs
https://developer.mozilla.org
Other
9.23k stars 22.5k forks source link

Advise against use of third-party CDNs #36376

Open csswizardry opened 1 month ago

csswizardry commented 1 month ago

MDN URL

https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

What specific section or headline is this issue about?

How Subresource Integrity helps

What information was incorrect, unhelpful, or incomplete?

Using Content Delivery Networks (CDNs) to host files such as scripts and stylesheets that are shared among multiple sites can improve site performance…

This is almost always untrue. Cache partitions nullify any claimed caching benefits, and additional network negotiation actually adds overhead, not removes it.

What did you expect to see?

At best, a section advising against using third-party CDN hosts; at a minimum, an honest and natural stance which doesn’t describe any performance benefits.

Do you have any supporting links, references, or citations?

https://csswizardry.com/2019/05/self-host-your-static-assets/

Do you have anything more you want to share?

No response

MDN metadata

Page report details * Folder: `en-us/web/security/subresource_integrity` * MDN URL: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity * GitHub URL: https://github.com/mdn/content/blob/main/files/en-us/web/security/subresource_integrity/index.md * Last commit: https://github.com/mdn/content/commit/d71da812ee94c20658cb1916a123a42254ea545c * Document last modified: 2024-08-07T22:02:28.000Z
wbamberg commented 1 month ago

At best, a section advising against using third-party CDN hosts; at a minimum, an honest and natural stance which doesn’t describe any performance benefits.

For this particular page I'd prefer us to be neutral about CDNs, because this page is about SRI. That is, I'm +1 on removing the recommendation without adding an un-recommendation.

hamishwillee commented 1 month ago

@csswizardry Would you like to create a PR in line with https://github.com/mdn/content/issues/36376#issuecomment-2418543598 above?

bsmth commented 1 month ago

At best, a section advising against using third-party CDN hosts; at a minimum, an honest and natural stance which doesn’t describe any performance benefits.

For this particular page I'd prefer us to be neutral about CDNs, because this page is about SRI. That is, I'm +1 on removing the recommendation without adding an un-recommendation.

FWIW I don't read the current content as a recommendation to use CDNs, rather giving context about the SRI feature.

wbamberg commented 3 weeks ago

https://github.com/mdn/content/pull/36457 changes the SRI page to be more neutral, but there are at least two other pages that should be looked at:

For the first of these we could probably just remove the line about CDNs, but the second is a bit more complicated because it's actually about CDNs, so we'd need to explain the issue. But it's a glossary page so we should not go into too many details.