search

pronamic / wp-pay-core

Core components for the WordPress payment processing library. This library is used in the WordPress plugin Pronamic Pay: https://www.pronamicpay.com/, but also allows other plugin developers to set up a payment plugin.
https://www.wp-pay.org/
GNU General Public License v3.0
27 stars 3 forks source link

Calling files remotely #143

Closed remcotolsma closed 1 year ago

remcotolsma commented 1 year ago

Offloading images, js, css, and other scripts to your servers or any remote service (like Google, MaxCDN, jQuery.com etc) is disallowed. When you call remote data you introduce an unnecessary dependency on another site. If the file you're calling isn't a part of WordPress Core, then you should include it -locally- in your plugin, not remotely. If the file IS included in WordPress core, please call that instead.

An exception to this rule is if your plugin is performing a service. We will permit this on a case by case basis. Since this can be confusing we have some examples of what are not permitted:

  • Offloading jquery CSS files to Google - You should include the CSS in your plugin.
  • Inserting an iframe with a help doc - A link, or including the docs in your plugin is preferred.
  • Calling images from your own domain - They should be included in your plugin.

Here are some examples of what we would permit:

  • Calling font families from Google or their approved CDN (if GPL compatible)
  • API calls back to your server to process possible spam comments (like Akismet)
  • Offloading comments to your own servers (like Disqus)
  • oEmbed calls to a service provider (like Twitter or YouTube)

Please remove external dependencies from your plugin and, if possible, include all files within the plugin (that is not called remotely). If instead you feel you are providing a service, please re-write your readme.txt in a manner that explains the service, the servers being called, and if any account is needed to connect.

Example(s) from your plugin:

pronamic-pay-with-mollie-for-woocommerce/packages/wp-pay/core/src/Subscriptions/SubscriptionsModule.php:537:
'https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.min.js',
pronamic-pay-with-mollie-for-woocommerce/packages/wp-pay/core/src/Subscriptions/SubscriptionsModule.php:545:
'https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.min.css',
pronamic-pay-with-mollie-for-woocommerce/packages/wp-pay/core/docs/hooks.md:598:<p align="center"><a href="https://github.com/pronamic/wp-documentor"><img src="https://cdn.jsdelivr.net/gh/pronamic/wp-documentor@main/logos/pronamic-wp-documentor.svgo-min.svg" alt="Pronamic WordPre [...]
pronamic-pay-with-mollie-for-woocommerce/packages/pronamic/wp-money/docs/hooks.md:33:<p align="center"><a href="https://github.com/pronamic/wp-documentor"><img src="https://cdn.jsdelivr.net/gh/pronamic/wp-documentor@main/logos/pronamic-wp-documentor.svgo-min.svg" alt="Pronamic WordPre [...]
remcotolsma commented 1 year ago

Fixed in https://github.com/pronamic/wp-pay-core/commit/494f631aaa7bc9327339c3e5d4ae15119fa92737, https://github.com/pronamic/wp-money/commit/7867afd50117a18cf97d4959b7f42fdc2abfd291 and https://github.com/pronamic/wp-pay-core/commit/a7cb4b1daa42820a3a6a5725d585b061c7e06ece.