seomoz / qless

Queue / Pipeline Management
MIT License
295 stars 76 forks source link

Do not use CDN versions of JavaScript scripts #244

Open eliemichel opened 8 years ago

eliemichel commented 8 years ago

qless web UI has no reason to depend on an access to the Internet to work, so any reference to online resources should be avoided.

I spotted at least two of them:

<script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js" type="text/javascript"></script>
...
<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>

Note that this is not just for the sake of being peculiar, I indeed don't have Internet access on the machine where I installed it.

b4hand commented 8 years ago

In general, I think relying on the CDN as the first choice is probably preferred, but we could try to fall back to a local copy when the CDN is unavailable. This should presumably solve your problem of a disconnected machine.

vadim-ex commented 8 years ago

I think Elie makes a right point. Since we are linking to fixed version of jquery, we can as well carry it. I am not sure about html5 shiv -- do we really want to support IE6-8? I mean, support IE :-) If the answer is negative, the second script can be simply removed.

vadim-ex commented 8 years ago

Note that this is not just for the sake of being peculiar, I indeed don't have Internet access on the machine where I installed it.

My understanding is, the access to internet happens on the client machine, not the qless web UI box. Did I misunderstood you?

eliemichel commented 8 years ago

@b4hand Relying on CDN is a good thing to reduce the average load time when assuming that your users will come from many different geographic places. And it takes care of caching and reduces the load on the server.

However, although I don't know how you use it, the typical use case of a WebUI is to have a pretty limited number of users that will never overload the server, plus users generally have a much quicker access to the server than to the CDN itself, since it would likely be on the same local network. Or not too far. Or even on the same machine.

So CDNs are great for high load public websites, but don't fit the current situation. Even if you use qless on a big world wide VPN, you could still have you're own CDN, but that's another issue.

Furthermore, on a more philosophical point of view, a WebUI is a shell as well as a Windowed UI would be and has so no reason to depend on external data. Can you imagine a windowed program requiring an Internet access to, say, determine it's background color? That wouldn't make sens. ;)

@vadim-moz I (try to) use qless on a completely isolated network. Server, workers, web UI, nobody has Internet access. ;)

PS: There is also a google-jsapi script.

dlecocq commented 8 years ago

Because of the limited traffic to the web UI in most cases (that's certainly the case for our use of it), and because it's typically few users visiting many pages on the UI (rather than many users visiting few pages), I have no philosophical objection to bundling up resources provided that it's allowed for in the licensing of these dependencies.

multiwave commented 8 years ago

Here's a patch for that problem, ran into it building a docker image of qless (jquery must be downloaded to 'server/static/js' first)

local_js.patch.txt