Commit
Remove remote access to google hosted fonts
Fonts used by this system are already hosted locally. There are, for example, the following @font-family rules for Merriweather with default font attributes:

From mpicms/static/css/fonts.css:

    @font-face {
      font-family: 'Merriweather';
      font-style: normal;
      font-weight: 400;
      font-display: swap;
      src: local('Merriweather Regular'), local('Merriweather-Regular'), url(https://fonts.gstatic.com/s/merriweather/v21/u-440qyriQwlOrhSvowK_l5-fCZM.woff2) format('woff2');
      unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
    }

From mpicms/templates/fonts.html:

    @font-face {
      font-family: 'Merriweather';
      src: local('Merriweather Regular'), local('Merriweather-Regular'),
           url('{% static 'fonts/subset-Merriweather-Regular.woff2' %}') format('woff2'),
           url('{% static 'fonts/subset-Merriweather-Regular.woff' %}') format('woff');
      font-weight: normal;
      font-style: normal;
    }

According to the rules in [CSS Fonts Module Level 3] 4.6 "Using character ranges to define composite fonts", these rules should combine into a composite font. For code points available in both rules (and font files), the last rule should take precedence.

However, experiments show that Firefox might download the font files from the first rule, even though all used code points are in fact available from the second rule.

Although it remains unclear why exactly the rules with the remote URLs are used, this is something we don't want for privacy reasons.

Remove fonts.css and its references. All fonts used by the cms are assumed to be provided by the rules in the fonts.html template. A quick visual comparison didn't show any visible difference, whether fonts.css is removed or not.
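A check that keeps remote font hosts from returning after a cleanup like this one, as an added example that is not part of the commit or the project's code: it lists every @font-face src URL that points at another host. The script name check_fonts.py is hypothetical, and the two sample rules are shortened from the ones quoted in the commit message.

```python
import re
import sys
from pathlib import Path
from urllib.parse import urlparse

TEMPLATE_TAG = re.compile(r"\{%.*?%\}", re.S)  # Django tags contain braces
FONT_FACE = re.compile(r"@font-face\s*\{(.*?)\}", re.S | re.I)
FAMILY = re.compile(r"font-family\s*:\s*([^;]+)", re.I)
SRC_URL = re.compile(r"\burl\(\s*(.*?)\s*\)", re.S | re.I)

# Constructed samples, shortened from the two rules in the commit message.
FONTS_CSS = """@font-face {
  font-family: 'Merriweather'; font-style: normal; font-weight: 400;
  src: local('Merriweather Regular'), local('Merriweather-Regular'),
       url(https://fonts.gstatic.com/s/merriweather/v21/u-440qyriQwlOrhSvowK_l5-fCZM.woff2) format('woff2');
}"""
FONTS_HTML = """@font-face {
  font-family: 'Merriweather';
  src: local('Merriweather Regular'),
       url('{% static 'fonts/subset-Merriweather-Regular.woff2' %}') format('woff2'),
       url('{% static 'fonts/subset-Merriweather-Regular.woff' %}') format('woff');
}"""

def remote_font_sources(text):
    """Return sorted (family, host) pairs for @font-face URLs on other hosts."""
    # Assumption: a {% ... %} tag always resolves to a locally served path.
    text = TEMPLATE_TAG.sub("LOCAL_STATIC", text)
    findings = set()
    for block in FONT_FACE.findall(text):
        fam = FAMILY.search(block)
        family = fam.group(1).strip(" '\"") if fam else "?"
        for raw in SRC_URL.findall(block):
            target = raw.strip(" '\"")
            parsed = urlparse(target)
            if parsed.scheme in ("http", "https") or target.startswith("//"):
                findings.add((family, parsed.netloc))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python check_fonts.py mpicms/static/css mpicms/templates
    hits = []
    for root in sys.argv[1:]:
        for path in Path(root).rglob("*"):
            if path.suffix in (".css", ".html") and path.is_file():
                hits += [(path, f, h) for f, h in remote_font_sources(path.read_text(errors="replace"))]
    for path, family, host in hits:
        print(f"{path}: {family} loads from {host}")
    sys.exit(1 if hits else 0)
```

The non-zero exit status on any finding lets the script run as a CI step or pre-commit hook.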