Polyfill CDN, defer and GDPR
Forum rules
Always add your Laravel, Aimeos and PHP version as well as your environment (Linux/Mac/Win)
Spam and unrelated posts will be removed immediately!
Always add your Laravel, Aimeos and PHP version as well as your environment (Linux/Mac/Win)
Spam and unrelated posts will be removed immediately!
Polyfill CDN, defer and GDPR
I noticed, that the default Aimeos theme makes a request to https://cdn.polyfill.io/v2/polyfill.min.js
I think there are a few issues with this:
- This might breach GDPR conformity of a site, by sending data to a third party server
- Loading the polyfill script at the bottom of the page and with "defer" option might load the script too late (when other scripts requiring a polyfill are already being executed)
Therefore my question: is it required to use polyfill for more or less modern browsers (using the standard JS scripts from Aimeos)?
I think there are a few issues with this:
- This might breach GDPR conformity of a site, by sending data to a third party server
- Loading the polyfill script at the bottom of the page and with "defer" option might load the script too late (when other scripts requiring a polyfill are already being executed)
Therefore my question: is it required to use polyfill for more or less modern browsers (using the standard JS scripts from Aimeos)?
Re: Polyfill CDN, defer and GDPR
GDPR only makes statements about cookies for tracking but the server doesn't send any cookie so using the polyfill script is save.
You may be right. Can you create a PR that removes the defer attribute?
It's only required for IE 11 I think as we are not using much advanced JS. For a current Chrome and Firefox browser, the returned script doesn't contain any polyfills.
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos,
give us a star
If you like Aimeos,
give us a starRe: Polyfill CDN, defer and GDPR
GDPR is also about sharing personal user data with third parties, and that is what happens, when you make a call to a CDN. There are cease and desist cases for german websites because they are using Google Fonts.GDPR only makes statements about cookies for tracking but the server doesn't send any cookie so using the polyfill script is save.
I just checked out the latest aimeos-laravel, but couldn't find the deferred call to the polyfill script. Maybe it was me who added it when I started with the projectYou may be right. Can you create a PR that removes the defer attribute?
Ok thanks. I'll try to remove it.It's only required for IE 11 I think as we are not using much advanced JS. For a current Chrome and Firefox browser, the returned script doesn't contain any polyfills.