From 07b56991b8ec919593b4f24944c7cf177ea2896e Mon Sep 17 00:00:00 2001
From: Donald Buczek <buczek@molgen.mpg.de>
Date: Thu, 12 Mar 2020 11:17:28 +0100
Subject: [PATCH] Remove remote access to google hosted fonts

Fonts used by this system are already hosted locally. There are, for
example, the following @font-family rules for Merriweather with default
font attributes:

From mpicms/static/css/fonts.css:

    @font-face {
        font-family: 'Merriweather';
        font-style: normal;
        font-weight: 400;
        font-display: swap;
        src: local('Merriweather Regular'), local('Merriweather-Regular'), url(https://fonts.gstatic.com/s/merriweather/v21/u-440qyriQwlOrhSvowK_l5-fCZM.woff2) format('woff2');
        unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
     }

From mpicms/templates/fonts.html

    @font-face {
        font-family: 'Merriweather';
        src: local('Merriweather Regular'), local('Merriweather-Regular'),
            url('{% static 'fonts/subset-Merriweather-Regular.woff2' %}') format('woff2'),
            url('{% static 'fonts/subset-Merriweather-Regular.woff' %}') format('woff');
        font-weight: normal;
        font-style: normal;
}

According to the rules in [Css Fonts Module Level3] 4.6 "Using character
ranges to define composite fonts", these rules should combine into a
composite font. For code points available in both rules (and font files), the
last rule should take precedence.

However, experiments show, that firefox might download the font files
from the first rule, even though all used code points are in fact available
from the second rule.

Although it remains unclear, why exactly the rules with the remote urls
are used, this is something we don't want for privacy reasons.

Remove fonts.css and its references. All fonts used by the cms are
assumed to be provided by the rules in the fonts.html template.

A quick visual comparison didn't show any visible difference, whether
fonts.css is removed or not.
---
 mpicms/static/css/fonts.css                   | 126 ------------------
 mpicms/templates/base.html                    |   1 -
 .../templates/personal/contact_list_raw.html  |   1 -
 3 files changed, 128 deletions(-)
 delete mode 100644 mpicms/static/css/fonts.css

diff --git a/mpicms/static/css/fonts.css b/mpicms/static/css/fonts.css
deleted file mode 100644
index c967f22..0000000
--- a/mpicms/static/css/fonts.css
+++ /dev/null
@@ -1,126 +0,0 @@
-/* cyrillic-ext */
-@font-face {
-    font-family: 'Merriweather';
-    font-style: normal;
-    font-weight: 300;
-    font-display: swap;
-    src: local('Merriweather Light'), local('Merriweather-Light'), url(https://fonts.gstatic.com/s/merriweather/v21/u-4n0qyriQwlOrhSvowK_l521wRZVcf6lvg.woff2) format('woff2');
-    unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
-  }
-  /* cyrillic */
-  @font-face {
-    font-family: 'Merriweather';
-    font-style: normal;
-    font-weight: 300;
-    font-display: swap;
-    src: local('Merriweather Light'), local('Merriweather-Light'), url(https://fonts.gstatic.com/s/merriweather/v21/u-4n0qyriQwlOrhSvowK_l521wRZXMf6lvg.woff2) format('woff2');
-    unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
-  }
-  /* vietnamese */
-  @font-face {
-    font-family: 'Merriweather';
-    font-style: normal;
-    font-weight: 300;
-    font-display: swap;
-    src: local('Merriweather Light'), local('Merriweather-Light'), url(https://fonts.gstatic.com/s/merriweather/v21/u-4n0qyriQwlOrhSvowK_l521wRZV8f6lvg.woff2) format('woff2');
-    unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-  }
-  /* latin-ext */
-  @font-face {
-    font-family: 'Merriweather';
-    font-style: normal;
-    font-weight: 300;
-    font-display: swap;
-    src: local('Merriweather Light'), local('Merriweather-Light'), url(https://fonts.gstatic.com/s/merriweather/v21/u-4n0qyriQwlOrhSvowK_l521wRZVsf6lvg.woff2) format('woff2');
-    unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-  }
-  /* latin */
-  @font-face {
-    font-family: 'Merriweather';
-    font-style: normal;
-    font-weight: 300;
-    font-display: swap;
-    src: local('Merriweather Light'), local('Merriweather-Light'), url(https://fonts.gstatic.com/s/merriweather/v21/u-4n0qyriQwlOrhSvowK_l521wRZWMf6.woff2) format('woff2');
-    unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-  }
-  /* cyrillic-ext */
-  @font-face {
-    font-family: 'Merriweather';
-    font-style: normal;
-    font-weight: 400;
-    font-display: swap;
-    src: local('Merriweather Regular'), local('Merriweather-Regular'), url(https://fonts.gstatic.com/s/merriweather/v21/u-440qyriQwlOrhSvowK_l5-cSZMZ-Y.woff2) format('woff2');
-    unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
-  }
-  /* cyrillic */
-  @font-face {
-    font-family: 'Merriweather';
-    font-style: normal;
-    font-weight: 400;
-    font-display: swap;
-    src: local('Merriweather Regular'), local('Merriweather-Regular'), url(https://fonts.gstatic.com/s/merriweather/v21/u-440qyriQwlOrhSvowK_l5-eCZMZ-Y.woff2) format('woff2');
-    unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
-  }
-  /* vietnamese */
-  @font-face {
-    font-family: 'Merriweather';
-    font-style: normal;
-    font-weight: 400;
-    font-display: swap;
-    src: local('Merriweather Regular'), local('Merriweather-Regular'), url(https://fonts.gstatic.com/s/merriweather/v21/u-440qyriQwlOrhSvowK_l5-cyZMZ-Y.woff2) format('woff2');
-    unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-  }
-  /* latin-ext */
-  @font-face {
-    font-family: 'Merriweather';
-    font-style: normal;
-    font-weight: 400;
-    font-display: swap;
-    src: local('Merriweather Regular'), local('Merriweather-Regular'), url(https://fonts.gstatic.com/s/merriweather/v21/u-440qyriQwlOrhSvowK_l5-ciZMZ-Y.woff2) format('woff2');
-    unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-  }
-  /* latin */
-  @font-face {
-    font-family: 'Merriweather';
-    font-style: normal;
-    font-weight: 400;
-    font-display: swap;
-    src: local('Merriweather Regular'), local('Merriweather-Regular'), url(https://fonts.gstatic.com/s/merriweather/v21/u-440qyriQwlOrhSvowK_l5-fCZM.woff2) format('woff2');
-    unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-  }
-  /* latin-ext */
-  @font-face {
-    font-family: 'Merriweather Sans';
-    font-style: normal;
-    font-weight: 300;
-    font-display: swap;
-    src: local('Merriweather Sans Light'), local('MerriweatherSans-Light'), url(https://fonts.gstatic.com/s/merriweathersans/v11/2-c49IRs1JiJN1FRAMjTN5zd9vgsFH1eYCDK0hZmzA.woff2) format('woff2');
-    unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-  }
-  /* latin */
-  @font-face {
-    font-family: 'Merriweather Sans';
-    font-style: normal;
-    font-weight: 300;
-    font-display: swap;
-    src: local('Merriweather Sans Light'), local('MerriweatherSans-Light'), url(https://fonts.gstatic.com/s/merriweathersans/v11/2-c49IRs1JiJN1FRAMjTN5zd9vgsFH1eYCDE0hY.woff2) format('woff2');
-    unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-  }
-  /* latin-ext */
-  @font-face {
-    font-family: 'Merriweather Sans';
-    font-style: normal;
-    font-weight: 400;
-    font-display: swap;
-    src: local('Merriweather Sans'), local('MerriweatherSans-Regular'), url(https://fonts.gstatic.com/s/merriweathersans/v11/2-c99IRs1JiJN1FRAMjTN5zd9vgsFHX7QjX78w.woff2) format('woff2');
-    unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-  }
-  /* latin */
-  @font-face {
-    font-family: 'Merriweather Sans';
-    font-style: normal;
-    font-weight: 400;
-    font-display: swap;
-    src: local('Merriweather Sans'), local('MerriweatherSans-Regular'), url(https://fonts.gstatic.com/s/merriweathersans/v11/2-c99IRs1JiJN1FRAMjTN5zd9vgsFHX1QjU.woff2) format('woff2');
-    unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-  }
\ No newline at end of file
diff --git a/mpicms/templates/base.html b/mpicms/templates/base.html
index 3e2c939..aaf5a93 100644
--- a/mpicms/templates/base.html
+++ b/mpicms/templates/base.html
@@ -22,7 +22,6 @@
         <link rel="stylesheet" href="{% static 'css/bulma.min.css' %}">
         <link rel="stylesheet" href="{% static 'css/custom.css' %}">
         <link rel="stylesheet" href="{% static 'css/fontawesome.min.css' %}">
-        <link rel="stylesheet" href="{% static 'css/fonts.css' %}">
         <link rel="stylesheet" href="{% static 'css/pygmentize.css' %}">
 
         <!-- Event calendar -->
diff --git a/mpicms/templates/personal/contact_list_raw.html b/mpicms/templates/personal/contact_list_raw.html
index bcb1dbc..8a07ac5 100644
--- a/mpicms/templates/personal/contact_list_raw.html
+++ b/mpicms/templates/personal/contact_list_raw.html
@@ -19,7 +19,6 @@
         <link rel="stylesheet" href="{% static 'css/bulma.min.css' %}">
         <link rel="stylesheet" href="{% static 'css/custom.css' %}">
         <link rel="stylesheet" href="{% static 'css/fontawesome.min.css' %}">
-        <link rel="stylesheet" href="{% static 'css/fonts.css' %}">
 
         <script src="{% static 'js/main.js' %}" defer></script>
         <script src="{% static 'js/list.min.js' %}"></script>