Upgrade Bootstrap v. 3.3.7 [ref #4219] #4806
Conversation
… Also upgrade local version for the guides. [ref #4219]
| @@ -23,8 +23,8 @@ | |||
| </f:facet> | |||
| <link type="image/png" rel="icon" href="#{resource['images/favicondataverse.png']}" /> | |||
| <link type="image/png" rel="image_src" href="#{resource['images/dataverseproject.png']}" /> | |||
| <link type="text/css" rel="stylesheet" href="#{resource['bs/css/bootstrap.min.css']}?version=#{systemConfig.getVersion()}" /> | |||
| <link type="text/css" rel="stylesheet" href="#{resource['bs/css/bootstrap-theme.min.css']}?version=#{systemConfig.getVersion()}" /> | |||
| <link type="text/css" rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"/> | |||
There was a problem hiding this comment.
Summarizing some discussion w\ @mheppler and @kcondon Tue, using an external CDN brings up policy and technical questions.
Technical:
- Should the CDN be user-configurable without forking?
- Should there be a fallback / failover to a local copy if the CDN is down (aka - this is introducing a dependency on an additional external service)?
- Resource integrity was discussed (aka - knowing the CDN is providing the expected resource without modification); @mheppler already solved this with the
integrityattribute. - Performance implications were also discussed (without measuring, my intuition is that there would be minimal improvement from this change); but performance improvements were explicitly out of scope for this issue.
Policy:
- Use of an external CDN means that Dataverse users are potentially leaking information to the CDN (IP addresses at least, potentially other browser-specific information). More privacy concious users are more likely to be impacted (eg - private browsing session / incognito window starting with an empty cache, or users manually clearing their cache).
There was a problem hiding this comment.
This seems like a good thing to make configurable especially if easy. It would allow installations to choose CDN's near their likely consumers for a small perf increase.
There was a problem hiding this comment.
Meh. It's more likely that someone's Dataverse installation will be down that one of these popular CDNs. @pameyer are you concerned enough about privacy that you wouldn't want to run this code? If you're fine with it, let's let someone else come along and say no to CDNs. I'm excited about the performance boost.
There was a problem hiding this comment.
The other thing is that if you were worried about the privacy, an installation could theoretically mock its own cdn or something.
There was a problem hiding this comment.
@pdurbin If I measure and it doesn't show significant (aka - order of magnitude) performance improvements from the CDN, I'd definitely roll the non-CDN resources into our fork.
Whether or not that's me being too concerned about user privacy or not is a different question.
@oscardssmith mocking the CDN would require forking the code (DNS resolution would be happening on the end user / browser side).
There was a problem hiding this comment.
Don't we want to support using different CDN's without forking? this seems important for non US installations, and it would be a silly reason for people to fork.
There was a problem hiding this comment.
@pameyer ok. This reminds me of the conversation I was having with the Google Fonts guy. I was asking if it's possible to host the fonts yourself rather than getting them from a CDN and he kind of looked at me like I had three heads. For me it's about control more than privacy, I guess, but it's good to consider various angles.
@oscardssmith yeah. In case you weren't already aware, @pameyer (and many other people) already run a fork: #4784 (comment)
| @@ -23,8 +23,8 @@ | |||
| </f:facet> | |||
| <link type="image/png" rel="icon" href="#{resource['images/favicondataverse.png']}" /> | |||
| <link type="image/png" rel="image_src" href="#{resource['images/dataverseproject.png']}" /> | |||
| <link type="text/css" rel="stylesheet" href="#{resource['bs/css/bootstrap.min.css']}?version=#{systemConfig.getVersion()}" /> | |||
| <link type="text/css" rel="stylesheet" href="#{resource['bs/css/bootstrap-theme.min.css']}?version=#{systemConfig.getVersion()}" /> | |||
| <link type="text/css" rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"/> | |||
There was a problem hiding this comment.
Meh. It's more likely that someone's Dataverse installation will be down that one of these popular CDNs. @pameyer are you concerned enough about privacy that you wouldn't want to run this code? If you're fine with it, let's let someone else come along and say no to CDNs. I'm excited about the performance boost.
…local files for 3.3.7 upgrade. Also updated iframe template. [ref #4219]
Related Issues
Pull Request Checklist