search

terminusdb / terminusdb-console

Management Dashboard for Terminus DB
6 stars 3 forks source link

Privacy and security vs links: 2x stylesheet, 1x shortcut icon #2

Open annainfo opened 4 years ago

annainfo commented 4 years ago

https://github.com/terminusdb/terminusdb-console/blob/master/console/index.html contains three external references that work against privacy and security:

1) link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"

2) link rel="shortcut icon" type="image/png" href="https://terminusdb.com/img/favicon.png"

3) link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous"

kevinchekovfeeney commented 4 years ago

This we should fix by removing external links

mukil commented 3 years ago

+1

As of the 4.1.0 release, when accessing the "console" (web app running on 127.0.0.1) the terminusdb-dashboard loads assets directly from the following parties:

See head inside index.html

<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
    <meta name="description" content="TerminusDB is an open source model driven graph database for knowledge graph representation designed specifically for the web-age.">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.9/css/all.css" integrity="sha384-5SOiIsAziJl6AWe0HWRKTXlfcSHKmYV4RBF18PPJ173Kzn7jzMyFuTtk8JA7QQG1" crossorigin="anonymous">

    <link rel="stylesheet" type="text/css" media="screen" href="https://unpkg.com/@fonticonpicker/react-fonticonpicker/dist/fonticonpicker.base-theme.react.css">
    <link rel="stylesheet" type="text/css" media="screen" href="https://unpkg.com/@fonticonpicker/react-fonticonpicker/dist/fonticonpicker.material-theme.react.css">
    <link rel="shortcut icon" type="image/png" href="https://terminusdb.com/img/favicon.png">    
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
    <link rel="stylesheet" href="https://dcm.ist/console/v4.1.0/terminusdb-console-main.css">

    <title>TerminusDB</title>
    <!--<link rel="stylesheet" href="css/main.css?v=1.0">-->
    <!--<link href="https://fonts.googleapis.com/css?family=Lexend+Deca&display=swap" rel="stylesheet">
    <link href="https://fonts.googleapis.com/css?family=Poppins&display=swap" rel="stylesheet">-->

 </head>