- Issue created by @maxilein
- Status changed to Closed: won't fix
7 months ago 10:24am 6 May 2024 I'm sorry, but this is not possible right now and I don't want to implement it.
It would in a first step also help to get a list of all detected external libraries.
I can imagine two ways for this list:
- Create log while disabling external libraries during initial load (before caching)
- Parse all modules and active themes on a settings page (after caching)
I'm against 1, because I want to avoid a database write during initialization (for performance). Point 2 would require a lot of work, but could be useful. I have to think about...
It would be great if I could convert fixed CDN use of contrib modules into a local call to a folder where I downloaded the libraries - without having to change the code of the module/theme itself.
I'm against this option for a few reasons:
There are modules already for library management, e. g. Libraries API → or Library Manager → . But I didn't test any of these modules, so I can't tell if they are compatible with this module.
My main motivation for writing this module was to prevent the insane amount of random CSS files or jQuery sneaking into my theme. Globally disabling external libraries is only a safety measure against modules, that enable CDNs by default. If I ever want to manage or replace external libraries, I would first try one of the existing modules. If they don't work, I could write a new module named "replace_libraries", so the "disable_libraries" module won't get bloated.
Besides that, I don't want to fix symptoms. If you use modules, that enable CDNs by default, you should open an issue and explain, why this is bad. Maybe the author just never thought about the privacy and security impacts and is willing to learn. If not, you should ask yourself, if you can trust code from authors, who don't value consent.
For example the PhotoSwipe → module version 4 enables CDNs by default (and disable_libraries disables them). Since version 5.0, it is opt-in, so they appear trustworthy.
The webform → module tells a different story. GDPR and CDN related issues are known for years and I would never recommend using it. But it is the de facto standard form builder module for Drupal and I have to use it until an alternative exists. With disable_libraries I have a safety net during this time frame.