kellyarnett Posted April 27 Share Posted April 27 (edited) Recently, a local attorney has been issuing warnings about 'unlawful use of personal data,' specifically targeting the transfer of visitor IP addresses to Google USA, and demanding 190 Euros for each case. While disputable, it's become an issue. For my own sites, I've managed to host Google fonts locally to avoid this, but a client's site using CC is still directly linking to Google, leading to a warning. Does anyone know a straightforward method to switch all font calls to a locally hosted solution via a single CSS file? My aim is to avoid manually editing numerous files. Any guidance or solutions would be greatly appreciated. Edited April 27 by kellyarnett Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted April 27 Share Posted April 27 The best way to secure your site is to upgrade it to the latest version. If you delete everything apart from the files and folders in the upgrade instructions and malicious content should be removed. Sorry that you've been having to deal with this. Quote Link to comment Share on other sites More sharing options...
bsmither Posted April 27 Share Posted April 27 If interested, please read: No joke: Cloudflare takes aim at Google Fonts with ROFL https://www.theregister.com/2023/09/26/cloudflare_fnnts/ Website fined by German court for leaking visitor's IP address via Google Fonts https://www.theregister.com/2022/01/31/website_fine_google_fonts_gdpr/ Personally, I have evaluated the "Open Sans" font from Google as being completely unnecessary at this time. Perhaps, in the distant past, some browsers did not have a complete set of symbols for the entire UTF codepoints (which, if so, will show as black diamonds or upside down question marks). Perhaps, at that time, CubeCart's decision to pull in a font from a third-party was to solve that issue. In the Foundation skin template 'element.css.php', delete line 1 - the <link> statement. Quote Link to comment Share on other sites More sharing options...
bsmither Posted April 27 Share Posted April 27 What could be done, to survive upgrades, is to write a code snippet that will register a Smarty output filter (changes the rendered template output prior to actually releasing the output) that preg_replaces any string that has: googleapis.* type='text/css' with a blank line. Quote Link to comment Share on other sites More sharing options...
bsmither Posted April 29 Share Posted April 29 (edited) Also, with respect to the web page, as delivered to the visitor, containing a link to 'Gravatar' to fetch the gravatar image of each of the product reviewers, the skin has a 'config.xml' file with this statement (in context): <gravatar_ajax>true</gravatar_ajax> </info> If the <gravatar_ajax> node is not present, add it where shown. Change the true to false. Have CubeCart clear its internal cache. OR... In admin Store Settings, Features tab, Reviews section, for "Enable Product Reviews/Comments", choose "Enabled (Gravatar Disabled)". Edited April 29 by bsmither Quote Link to comment Share on other sites More sharing options...
bsmither Posted April 29 Share Posted April 29 As mentioned earlier, following is a code snippet that will strip out the HTML statement that is the link to the Google APIs to fetch the font. In admin, Manage Hooks, Code Snippets tab, click the Add Snippet link. On the page that follows, enter the following in the form: Enabled: checked Unique ID: deleteGoogleFontsLink@cc600+ Execution Order: 99 Description: Removes Google Fonts link just prior to delivering the compiled template code. Trigger: controller.index Version: 1.0 Author: https://forums.cubecart.com/topic/59060-any-guidance/ PHP Code: Argh! I tried to use the code edit window to enter the Code Snippet code, but Cloudflare is blocking me! So, until @Al Brookbanks gives advice on how to contribute PHP code, this will have to wait. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.