thirtybees / niara

Niara, thirty bees default theme since v1.1.0.
https://thirtybees.com

Third party dependencies #60

Open BsAtHome opened 1 year ago

BsAtHome commented 1 year ago

Hi,

There are dependencies on several third parties in both the front-end and the back-end. The front-end calls out to (through niara theme css):

The back-end calls out to (thus far detected):

The most problematic are in the front-end, where you really would like to have isolated site content when you serve it from your server. This prevents any possible indirect third party tracking from the user's website use. The actual extra data transferred from the front-end is rather minimal and insignificant if you consider caches on the browser side and the general huge images in articles/products/etc. The Raleway font is licensed under the standard SIL license and can therefore be redistributed without any problem (and it is already included in the LICENSES file).

For the fonts in the front-end I would suggest to make the following change to the niara theme (see file-link below):

  1. Add an @import url("font-Raleway.css"); to the global theme CSS file
  2. Add the font-files (ttf files) and the font-Raleway.css file to the theme
  3. Remove the fonts.googleapis.com reference in the header.tpl file

The polyfill in the front-end is actually something from old-age times. The IntersectionObserver, which is requested in the polyfill, is implemented in most browsers. Question could then be why it is still needed. OTOH, if you want to make sure, then it would be no problem to add the polyfill to the set of loaded js files from a local source. Simply add the js file and change the reference in header.tpl. The polyfill code will actually check if it is natively supported. Adding the js-file requires an update of the LICENSES file to add https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document to it, which is the license of the polyfill. But that should be no problem at all.

I can't attach the files needed (github apparently does not let me), but they can be downloaded from https://www.vagrearg.org/upload/niara-frontend-files/

The back-end will need a bit more work because it is more integrated and partly hard-coded. However, the back-end references are not the largest problem for now. The customers are the ones needing most/best protection, so that automatically prioritizes the front-end.

-- Greetings Bertho
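
One way to audit a theme for the front-end call-outs described in the issue above, as an added example that is not part of the issue or of the thirty bees code base: it scans template, CSS and JS text for resources loaded from hosts other than the shop's own. The hosts `shop.example` and `cdn.example.net` and the sample snippets are constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit

# Resource-loading contexts only: a plain <a href> link is not fetched on page load.
PATTERNS = [
    re.compile(r"""<(?:script|link|img|iframe)\b[^>]*?\b(?:src|href)\s*=\s*["']?([^"'\s>]+)""", re.I),
    re.compile(r"""url\(\s*["']?([^"')\s]+)""", re.I),   # CSS url(...), including @import url(...)
    re.compile(r"""@import\s+["']([^"']+)""", re.I),      # CSS @import "..."
]

def third_party_refs(text, first_party):
    """Return sorted (line_no, host) pairs for resources loaded from non-first-party hosts."""
    hits = set()
    for pat in PATTERNS:
        for m in pat.finditer(text):
            url = m.group(1)
            if url.startswith("//"):              # protocol-relative URL
                url = "https:" + url
            try:
                host = (urlsplit(url).hostname or "").lower()
            except ValueError:                    # malformed URL: nothing to resolve
                continue
            if host and not any(host == h or host.endswith("." + h) for h in first_party):
                hits.add((text.count("\n", 0, m.start()) + 1, host))
    return sorted(hits)

def scan_theme(root, first_party, suffixes=(".tpl", ".css", ".js")):
    """Map each theme file (path relative to root) to its third-party references."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in suffixes:
            refs = third_party_refs(path.read_text(encoding="utf-8", errors="replace"), first_party)
            if refs:
                report[str(path.relative_to(root))] = refs
    return report

# Constructed samples: a header.tpl before the proposed change, and a CSS file after it.
SAMPLE_TPL = '''<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Raleway">
<link rel="stylesheet" href="{$css_dir}global.css">
<script src="//cdn.example.net/polyfill.js"></script>
<a href="https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document">License</a>
'''
SAMPLE_CSS = ('@import url("font-Raleway.css");\n'
              'body { background: url(https://shop.example/img/bg.png); }\n')

if __name__ == "__main__":
    print(third_party_refs(SAMPLE_TPL, {"shop.example"}))
```

Run `scan_theme` against the theme directory with the shop's own domain as `first_party`; an empty result means no template or stylesheet in the tree pulls resources from another host.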