I want to discuss a (minor) antipattern that I think is (slightly) harmful. Lots of websites use large JavaScript libraries. They often include them by using a third-party Content Delivery Network li…
Well, I did specifically pick out fonts, because those very rarely get updates. Many of them have been created years ago and are just sort of “finished”.
And if they do get an update, it’s rarely security-relevant.
When I asked a webdev colleague about it, he told me that it takes 1 minute to add the link and 5 minutes to bundle the font file, and none of his customers complained so far.
Privacy and security are just not a concern here, because they’re not a concern for his customers.
I can only assume it’s because of possible future updates. As unlikely as it sounds, that’s the main driver for using external libraries like jQuery.
Just tell anyone who tries to download the font that they could instead use the convenient link and not have to worry about it.