Any guidance

[kellyarnett]

Recently, a local attorney has been issuing warnings about 'unlawful use of personal data,' specifically targeting the transfer of visitor IP addresses to Google USA, and demanding 190 Euros for each case. While disputable, it's become an issue. For my own sites, I've managed to host Google fonts locally to avoid this, but a client's site using CC is still directly linking to Google, leading to a warning. Does anyone know a straightforward method to switch all font calls to a locally hosted solution via a single CSS file? My aim is to avoid manually editing numerous files. Any guidance or solutions would be greatly appreciated.

Edited April 27 by kellyarnett

[Al Brookbanks]

The best way to secure your site is to upgrade it to the latest version. If you delete everything apart from the files and folders in the upgrade instructions and malicious content should be removed.

Sorry that you've been having to deal with this. 

[bsmither]

If interested, please read:

No joke: Cloudflare takes aim at Google Fonts with ROFL
https://www.theregister.com/2023/09/26/cloudflare_fnnts/

Website fined by German court for leaking visitor's IP address via Google Fonts
https://www.theregister.com/2022/01/31/website_fine_google_fonts_gdpr/

Personally, I have evaluated the "Open Sans" font from Google as being completely unnecessary at this time.

Perhaps, in the distant past, some browsers did not have a complete set of symbols for the entire UTF codepoints (which, if so, will show as black diamonds or upside down question marks). Perhaps, at that time, CubeCart's decision to pull in a font from a third-party was to solve that issue.

In the Foundation skin template 'element.css.php', delete line 1 - the <link> statement.

[bsmither]

What could be done, to survive upgrades, is to write a code snippet that will register a Smarty output filter (changes the rendered template output prior to actually releasing the output) that preg_replaces any string that has:

googleapis.* type='text/css'

with a blank line.

 

[bsmither]

Also, with respect to the web page, as delivered to the visitor, containing a link to 'Gravatar' to fetch the gravatar image of each of the product reviewers, the skin has a 'config.xml' file with this statement (in context):

	<gravatar_ajax>true</gravatar_ajax>
  </info>

If the <gravatar_ajax> node is not present, add it where shown. Change the true to false. Have CubeCart clear its internal cache.

OR... In admin Store Settings, Features tab, Reviews section, for "Enable Product Reviews/Comments", choose "Enabled (Gravatar Disabled)".

Edited April 29 by bsmither

[bsmither]

As mentioned earlier, following is a code snippet that will strip out the HTML statement that is the link to the Google APIs to fetch the font.

In admin, Manage Hooks, Code Snippets tab, click the Add Snippet link.

On the page that follows, enter the following in the form:

Enabled: checked
Unique ID: deleteGoogleFontsLink@cc600+
Execution Order: 99
Description: Removes Google Fonts link just prior to delivering the compiled template code.
Trigger: controller.index
Version: 1.0
Author: https://forums.cubecart.com/topic/59060-any-guidance/
PHP Code:

Argh! I tried to use the code edit window to enter the Code Snippet code, but Cloudflare is blocking me!

So, until @Al Brookbanks gives advice on how to contribute PHP code, this will have to wait.