Reliance on Alibaba CDN for Ant icon loading?

Hi slapbox,

Thank you for contacting us. We were not aware of this issue, which seems to be introduced by updating one of our dependencies that we use in the Real Media Library.

We have discussed the problem and will try to find a solution in the next few days to deliver the font with the Ant symbol as part of the plugin (hosted in your WordPress instead of Alibaba CDN) as it simplifies the plugin in terms of GDPR and similar laws.

However, the font Ant icon is only loaded for logged-in users in the WordPress backend when they are in the media library or in the “Insert Media” dialog. So as far as I understand you, this is the best case for your purpose.

We will keep you up-to-date in this thread as soon as a solution to remove the dependency to Alibaba CDN is available.

Best,

Jan

Hey Jan thanks for your reply!

The fonts actually attempt to load on our front-end when logged in, not only in the dashboard, and definitely not only the Media page. As soon as a I login as an administrator the fonts start trying to load, even if I’m simply viewing the homepage of our site. Can you confirm this on your end?

I’m encouraged by your response and hope to see this resolved soon! Thanks so much!

Another strange related thing, on the actual media library page I see this other failed request:

Refused to load the image 'https://dashicons%20dashicons-category/' because it violates the following Content Security Policy

I assume whatever that’s supposed to be linked to is broken? I know it’s being blocked by our CSP, but it’s invalid to begin with.

I’m also noticing, looking at the homepage in Asset Cleanup – 18 files are being loaded on the front-end of the site – even things like React translation library: /wp-content/plugins/real-media-library-lite/public/lib/i18n-react/dist/i18n-react.umd.min.js and MobX

I think a lot of things are being loaded on the front end that are not intentional. All in all these total at least 500kb.

Hi @slapbox!

Sorry for the delayed answer.

As soon as a I login as an administrator the fonts start trying to load, even if I’m simply viewing the homepage of our site. Can you confirm this on your end?

You can deactivate this behavior in Settings > Media > “Load RML on frontend”. This happens only for logged-in users to ensure media management for page builders, too.

I assume whatever that’s supposed to be linked to is broken? I know it’s being blocked by our CSP, but it’s invalid to begin with.

Can you please send a screenshot where this happens? Unfortunately I can not reprocedure this issue.

I think a lot of things are being loaded on the front end that are not intentional. All in all these total at least 500kb.

The scripts are only loaded – as mentioned before – only when you are a logged-in user with permissions to upload_files. You can deactivate this in Settings > Media.

Regards,
Matthew ??

Ah that works, thank you!

This is what I see on the Media Library page. It’s rightfully blocked by our CSP, but it also seems impossible that it’s valid to begin with. https://imgur.com/a/8tSYrpy

Is it still planned to remove the need for the CDN though? Updating our security policy to get the icons is a pain. Otherwise, great plugin! Thanks for all your help!

Hi @slapbox !

Thanks for your reply. Yeah, we are currently working on a solution for this to remove the need of the CDN. An update will be released this week.

From the screenshot, where do you get this issue? The icon is never used in the media library.

Best regards,
Matthew ??

Whoops! @mguenter the dashicon thing isn’t from RML, it just happened to appear on the Media Library alongside the other failed requests. After a grep on our server I found that it’s actually from our theme, but it doesn’t appear consistently which tricked me.

So we’re all set as soon as the CDN thing is resolved. Thanks so much for your help!

Hi @slapbox !

We just released a new version of the plugin. Please give it a try and let us know if it works on your site!

Regards,
Matthew ??

@mguenter, looks great! Thanks so much!