- This topic has 7 replies, 3 voices, and was last updated 2 years, 2 months ago by
Aaron Kessler.
-
AuthorPosts
-
December 26, 2022 at 1:47 AM #40029
Aaron Kessler
ParticipantWhy are you registering popper and tippy via unpkg.com? This is causing console.errors when developing offline.
December 26, 2022 at 9:11 PM #40036Peter
ModeratorHello,
Thanks for your feedback.
If you develop your site online, there are some benefits when using unpkg to load the file from global CDN. If you develop your site offline, you can download the file to the computer and replace the unpkg URL with your local URL.
December 26, 2022 at 9:55 PM #40037ParticipantAs long as there is internet available, everything works, of course. I guess one could unregister your script and register them again using a local copy. Why is it beneficial to use a CDN? It's easy to violate GDPR this way, using mb front end submission. I would not do this, and suggest you include your dependencies locally. In my point of view, there is no harm in doing so.
Meta Box website, plugin and all extensions are 100% GDPR-compatible. (https://metabox.io/privacy-policy/)
This is not true, since you should ask for consent before IP addresses are transferred to third parties. I think no one cares if that happens on the backend of a content management system, but for the front end, it's another story.
December 30, 2022 at 4:59 PM #40068ParticipantSo this is marked as resolved with the reason "some benefits" and that's it? What's about the unpkg usage on the front end and GDPR concerns?
January 4, 2023 at 11:00 PM #40116ModeratorHello,
Sorry for the late reply, there are so many tickets on our system for the past few days.
Using the unpkg link is not violate GDPR compliance if you have a notice that what data you collect from the user/visitor (what do you think about GDPR concern if you use Google Analytic link on your site?). Besides that unpkg is using Cloudflare to deliver the package via CDN and Cloudflare rule is very strict about GDPR compliance so you don't worry about that.
January 5, 2023 at 1:00 AM #40123ParticipantIt is not about what data I collect, but which data will be processed by third parties, especially outside the EU. If I transfer visitor data like ip addresses without legitimate interest to google analytics, or another third parties, I have to ask the visitor before doing so to be GDPR-compliant. In Germany, we have recently had problems with lawyers who have issued legal warnings to website operators for the use of fonts hosted by google because of a recent judgment wich condemed the website owner to pay the visitor for "personal indisposition" (sounds crazy, I know). Technically, using unpgkg.com this is not different. It is advised to sign a CP-contract with third parties who is processing visitor data, or rely on corporate binding rules, which are heavily disputed over here since there are judgements that EU equivalent level of data protection could not be provided from a CDN concerning Cloudflare, so I can't agree with your statement that "Cloudflare rule is very strict about GDPR compliance, so you don't worry about that." Also transferring data outside the EU for displaying a tooltip, is hardly arguable as legitimate interest. As a web design provider, I don't want to deal with this legal complexity if I don't have to, and you should not force your customers to do custom coding to get around this. Hosting the necessary JavaScript locally makes it so much easier to be GDPR-compliant, and I can't see why it is beneficial to use Cloudflare unless I want to serve a high traffic website to visitors worldwide.
January 6, 2023 at 8:36 AM #40138Anh Tran
KeymasterHi Aaron,
The purpose of using a CDN is to share the libs across extensions. Currently tooltip is used in the Tooltip and Builder extensions (backend). We'll move them to local in the next version.
January 6, 2023 at 9:06 AM #40139ParticipantThanks, this is a reasonable explanation. So maybe bundling them with the meta box core plugin is a solution to get around this. I appreciate your decision to include it.
Currently tooltip is used in the Tooltip and Builder extensions (backend).
Backend is not 100% correct. As I wrote with mb front end submission, you can use this library on the front end, and therefore the reason I initially complained about GDPR compliance.
-
AuthorPosts
- You must be logged in to reply to this topic.