Page MenuHomePhabricator
Create Task
Maniphest T304107

bn.wikibooks loads fonts from third party sites
Closed, ResolvedPublic
Actions

Description

This stylesheet loads fonts from rawgit and google. This is enabled by default on every page (loaded from common.css). Like T303921, it's a violation of the privacy policy that should be fixed asap. I see a dozen CSP errors (report only) in the console, so there may be more stylesheets loading external resources.

Related Objects

Event Timeline

Daimona created this task.Mar 17 2022, 6:44 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 17 2022, 6:44 PM
Daimona triaged this task as Unbreak Now! priority.Mar 17 2022, 6:44 PM
Zabe added a subscriber: Zabe.Mar 17 2022, 6:45 PM
Daimona added a project: Privacy Engineering.Mar 17 2022, 7:41 PM
Mahir256 added a project: Bengali-Sites.Mar 17 2022, 8:27 PM
Mahir256 added subscribers: Aishik_Rehman, Mahir256.

The two references to fonts.googleapis.com use fonts which exist on wmflabs's FontCDN and can thus be substituted accordingly:

@import url(https://tools-static.wmflabs.org/fontcdn/css?family=Hind+Siliguri);
@import url(https://tools-static.wmflabs.org/fontcdn/css?family=Baloo+Da+2);

The other fonts can and should be removed absent indications that they are free/open-source and thus readily hostable on Wikimedia servers. Some references to these fonts in other stylesheets include, on a cursory search, https://bn.wikibooks.org/wiki/ব্যবহারকারী:Aishik_Rehman/common.css and https://bn.wikibooks.org/wiki/মিডিয়াউইকি:Perbook/Wikijunior:Countries_A-Z.css.

taavi claimed this task.Mar 17 2022, 8:47 PM
taavi added a subscriber: taavi.

Disabled these by default too: https://bn.wikibooks.org/w/index.php?title=%E0%A6%AE%E0%A6%BF%E0%A6%A1%E0%A6%BF%E0%A6%AF%E0%A6%BC%E0%A6%BE%E0%A6%89%E0%A6%87%E0%A6%95%E0%A6%BF:Common.css&diff=prev&oldid=43917 Leaving this task open for any possible follow-ups.

In T304107#7787111, @Mahir256 wrote:

The two references to fonts.googleapis.com use fonts which exist on wmflabs's FontCDN and can thus be substituted accordingly:

Toolforge is not hosted on the production cluster which means that resources can't be loaded from there without user consent like any other third-party site.

RhinosF1 mentioned this in T304108: viwiki loads font from google for all users.Mar 17 2022, 8:51 PM
Peachey88 added a subscriber: Peachey88.Mar 18 2022, 9:09 AM
Mahir256 mentioned this in T304208: bn.wikisource.org loads by default resources from tools-static.wmflabs.org.Mar 20 2022, 12:36 AM
JFishback_WMF moved this task from Incoming to Watching on the Privacy Engineering board.Mar 21 2022, 2:55 PM
taavi closed this task as Resolved.Mar 29 2022, 6:30 PM
Ahmad_Kanik moved this task from Backlog to Closed on the Bengali-Sites board.May 22 2022, 6:03 AM
JFishback_WMF moved this task from Watching to Completed on the Privacy Engineering board.Apr 17 2023, 4:31 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL