On 03/09/15 21:02, Matthias Runge wrote:
> On 03/09/15 13:24, Thomas Goirand wrote:
>> Hi,
>>
>> When doing:
>> grep -r fonts.googleapis.com *
>>
>> there's 56 lines of this kind of result:
>> xstatic/pkg/bootswatch/data/cyborg/bootstrap.css:@import
>> url("https://fonts.googleapis.com/css?family=R
Thomas,
Lots of movement on this today. I was able to get Bootswatch to roll a new
package to accommodate our need to not pull in the URL by default any
longer. This is now a configurable value that can be set by a variable.
The variable's default value is still the google URL, but Horizon will
On 09/03/2015 07:58 PM, Diana Whitten wrote:
> Thomas,
>
> Sorry for the slow response, since I wasn't on the right mailing list yet.
>
> 1. I'm trying to figure out the best way possible to address this
> security breach. I think that the best way to fix this is to augment
> Bootswatch to only
On 03/09/15 13:24, Thomas Goirand wrote:
> Hi,
>
> When doing:
> grep -r fonts.googleapis.com *
>
> there's 56 lines of this kind of result:
> xstatic/pkg/bootswatch/data/cyborg/bootstrap.css:@import
> url("https://fonts.googleapis.com/css?family=Roboto:400,700";);
>
> This is wrong because:
>
m: Thomas Goirand
> To: "OpenStack Development Mailing List (not for usage questions)" <
> openstack-dev@lists.openstack.org>
> Cc:
> Subject: [openstack-dev] [horizon] Concern about XStatic-bootswatch
> imports from fonts.googleapis.com
> Date: Thu, Sep 3, 2015
Hi,
When doing:
grep -r fonts.googleapis.com *
there's 56 lines of this kind of result:
xstatic/pkg/bootswatch/data/cyborg/bootstrap.css:@import
url("https://fonts.googleapis.com/css?family=Roboto:400,700";);
This is wrong because:
1/ This is a privacy breach, and one may not agree on hitting a