Page MenuHomePhabricator
Create Task
Maniphest T256506

Gitiles on Gerrit 3.2 test instance loads fonts from third-party domain
Closed, ResolvedPublicBUG REPORT
Actions

Description

This was originally reported by @Paladox. Thanks!

This is not specific to Gerrit 3.2. Also gitiles of our currently live Gerrit v2.15.14 on gerrit.wikimedia.org is affected by this.

Upstream fix is at https://gerrit-review.googlesource.com/c/gerrit/+/273371

Related Objects
Search...

Event Timeline

QChris created this task.Jun 26 2020, 8:11 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 26 2020, 8:11 PM
QChris added a parent task: T254158: Gerrit 3.2 upgrade.Jun 26 2020, 8:11 PM
QChris added a comment.Jun 26 2020, 8:14 PM

Not sure they'll accept the upstream fix, since Gerrit does not provide all fonts in all weights that gitiles wants.
But Gerrit offers suitable alternatives (E.g.: gitiles wants 'Open Code Pro' as monospace font. Gerrit does not have 'Open Code Pro', but offers 'Roboto Mono').

The fix is currently deployed on https://gerrit-test.wikimedia.org

QChris closed this task as Resolved.Jun 26 2020, 8:14 PM
QChris claimed this task.
QChris updated the task description. (Show Details)
QChris mentioned this in T255977: Gerrit 3.x test instance loads content from third-party website fonts.gstatic.com.
QChris added a subscriber: Paladox.
QChris changed the subtype of this task from "Task" to "Bug Report".Jun 26 2020, 8:16 PM
QChris added a comment.Jun 26 2020, 8:56 PM

Since there was a question on T255977 regarding this gitiles fix, let's have a gitiles sample URL: https://gerrit-test.wikimedia.org/g/mediawiki/extensions/Translate/+/e59e33168f13d31867da701fec2640a099d37cae

This URL loads only resources from gerrit-test.wikimedia.org.
It also loads the fonts from gerrit-test.wikimedia.org.

gitiles base.css for review is at https://gerrit-test.wikimedia.org/r/plugins/gitiles/+static/base.css
It no longer holds font @imports from 3rd party domains.

Aklapper added a project: Privacy.Jun 27 2020, 12:47 AM
QChris added a project: Upstream.Jun 27 2020, 8:16 AM
hashar subscribed.Jun 27 2020, 4:07 PM
In T256506#6260855, @QChris wrote:

Since there was a question on T255977 regarding this gitiles fix, let's have a gitiles sample URL: https://gerrit-test.wikimedia.org/g/mediawiki/extensions/Translate/+/e59e33168f13d31867da701fec2640a099d37cae

This URL loads only resources from gerrit-test.wikimedia.org.
It also loads the fonts from gerrit-test.wikimedia.org.

gitiles base.css for review is at https://gerrit-test.wikimedia.org/r/plugins/gitiles/+static/base.css
It no longer holds font @imports from 3rd party domains.

Perfect! Thank you :)

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits