Fetch external stylesheets (which aren't from whitelisted font CDNs) to include in amp-custom style #1083
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Currently when coming across a
<link rel=stylesheet>we check if it has anhrefpointing to an allowed font URL and then it gets allowed, but if it has anhrefthat points somewhere else on an external domain then it gets removed:https://github.com/Automattic/amp-wp/blob/ac53ee79cba5d93ce1a89d37f303f4121e4566fb/includes/sanitizers/class-amp-style-sanitizer.php#L431-L447
https://github.com/Automattic/amp-wp/blob/ac53ee79cba5d93ce1a89d37f303f4121e4566fb/includes/sanitizers/class-amp-style-sanitizer.php#L348-L352
This can result in styles being broken on a site if they depend on the external styles.
I suggest that instead of just removing the style that we instead fetch the contents of the stylesheet and store it in a transient (with cache key being hash of stylesheet URL) which expires according to the
Expirestime returned in the response orMONTH_IN_SECONDS, whichever is greater. What we must absolutely avoid is the external stylesheet being fetched and refetched with each request.See #1082 where a workaround prototype plugin has been put in place until 1.0 lands: https://gist.github.com/westonruter/f272303fc4bf2d5d71fe1bd88a5fcee3
The text was updated successfully, but these errors were encountered: