Thanks! will try to take a look :) On Tue, 6 Apr 2021 at 21:32, Ali Alhaidary <[email protected]> wrote: > > well done, thanks > > Ali > > On 4/6/21 5:30 PM, Peter-Otto Weber wrote: > > Here u are: OPENMEETINGS-2605 > > > > Gesendet von Mail für Windows 10 > > > > Von: Ali Alhaidary > Gesendet: Dienstag, 6. April 2021 16:23 > An: [email protected] > Betreff: Re: gstatic.com > > > > I second that, please create a jira > > Ali > > On 4/6/21 5:10 PM, Maxim Solodovnik wrote: > > Well, > > > > bootswatch is used for theming > > it loads fonts via > > > > @import url("https://fonts.googleapis.com/css?family=Roboto:400,500,700";) > > > > and I doubt it can be changed using custom.css :((( > > I can try to add theme switching via Admin->Config > > and add something like "" <empty> for no theme .... > > > > might worth JIRA, can you create it? :) > > > > On Tue, 6 Apr 2021 at 21:04, Peter-Otto Weber <[email protected]> wrote: > > Hello Maxim, > > > > just found the reference myself in > > <link rel="stylesheet" type="text/css" > href="./wicket/resource/de.agilecoders.wicket.themes.markup.html.bootswatch.BootswatchCssReference/css/bootstrap.sandstone-ver-B164B91379C7277B723B262D93226799.css" > id="wb-theme" nonce="xxxxxxxxxxxxxxxxxxxxxxxxxxxxx" /> > > > > Are you aware that this font is causing a data privacy Problem as an > „external“ Server, esp. Google, is referenced? > > > > I wonder why it is not possible to avoid this? > > > > Maybe a wish for the future. I am offering OM to customers who want a really > „isolated“ System with no Kind of external references. > > > > In my opinion „roboto“ could be removed / avoided by using „standard Fonts“. > > > > What do you mean About this? > > > > Best wishes > > > > POW > > > > Gesendet von Mail für Windows 10 > > > > Von: Maxim Solodovnik > Gesendet: Dienstag, 6. April 2021 15:53 > An: Openmeetings user-list > Betreff: Re: gstatic.com > > > > Hello POW, > > > > yep, Roboto fonts are part of bootstrap we are using for controls > > this is why this URL is added as an exception for CSP :) > > ( font-src 'self' https://fonts.gstatic.com; ) > > > > I see no requests to gstatic, Roboto fonts is currently being loaded from > > https://fonts.googleapis.com/css?family=Roboto:400,500,700 > > > > On Tue, 6 Apr 2021 at 20:39, Peter-Otto Weber <[email protected]> wrote: > > Hello after a Long time… > > > > My customer is using > > > > Version 5.0.0-SNAPSHOT > > Revision cb5abf3 > > Build date 2020-06-13T07:53:07Z > > > > on a self hosted vm. > > > > There is a complaint from the privacy officer that NoScript Add-On for > Firefox is showing gstatic.com as blocked resource after the Login. > > > > I am able to reproduce this but can not find a cause for this. > > > > > > I checked the source Code – no reference to gstatic.com > > > > What makes this much more strange – if i only update the site the warning in > NoScript disappears. > > > > Is there any known reason why OM is referencing gstatic.com? > > > > I used Wireshark to capture the traffic but i am not able to find out the > cause in the trace. > > > > On hint might be a certificate check. > > > > And i find a part of an URL: Stream: HEADERS, Stream ID: 15, Length 205, GET > /css?family=Roboto:400,500,700 > > > > Of course there’s also the Problem that i can not clearly identify if this > data is comming out of Firefox or somewhere else from the OS. > > > > So i hope someone can explain > > Thx and have a good time. > > > > POW > > > > > -- > > Best regards, > Maxim > > > > > > > -- > > Best regards, > Maxim > >
-- Best regards, Maxim
