Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check: Calling remote files (js, css, images, etc). Offloading / External #486

Closed
davidperezgar opened this issue Jul 1, 2024 · 0 comments · Fixed by #566
Closed

Check: Calling remote files (js, css, images, etc). Offloading / External #486

davidperezgar opened this issue Jul 1, 2024 · 0 comments · Fixed by #566
Assignees
@davidperezgar
Labels
Checks Audit/test of the particular part of the plugin Needs Dev Anything that requires development (e.g. a pull request) [Team] Plugin Review Issues owned by Plugin Review Team
Milestone
1.2.0

Comments

@davidperezgar
Copy link
Member

This objective of this check is to detect external assets being loaded in WordPress. The users have to make it local, and we consider as an error for this check.

How could develop this check?

We could use typical assets extensions. The list could start with: css, svg, jpg, jpeg, gif, png, webm, mp4, mpg, mpeg, mp3, json, fonts, etc.

Then, we have to find if they are using external source or is being loaded locally.

Our description to developers:

Calling files remotely

Offloading images, js, css, and other scripts to your servers or any remote service (like Google, MaxCDN, jQuery.com etc) is disallowed. When you call remote data you introduce an unnecessary dependency on another site. If the file you're calling isn't a part of WordPress Core, then you should include it -locally- in your plugin, not remotely. If the file IS included in WordPress core, please call that instead.

An exception to this rule is if your plugin is performing a service. We will permit this on a case by case basis. Since this can be confusing we have some examples of what are not permitted:
 
Offloading jquery CSS files to Google - You should include the CSS in your plugin.
Inserting an iframe with a help doc - A link, or including the docs in your plugin is preferred.
Calling images from your own domain - They should be included in your plugin.
 
Here are some examples of what we would permit:
 
Calling font families from Google or their approved CDN (if GPL compatible)
API calls back to your server to process possible spam comments (like Akismet)
Offloading comments to your own servers (like Disqus)
oEmbed calls to a service provider (like Twitter or YouTube)

Please remove external dependencies from your plugin and, if possible, include all files within the plugin (that is not called remotely). If instead you feel you are providing a service, please re-write your readme.txt in a manner that explains the service, the servers being called, and if any account is needed to connect.

Example(s) from your plugin:
@davidperezgar davidperezgar added Needs Dev Anything that requires development (e.g. a pull request) Checks Audit/test of the particular part of the plugin [Team] Plugin Review Issues owned by Plugin Review Team labels Jul 1, 2024
@davidperezgar davidperezgar self-assigned this Aug 10, 2024
@davidperezgar davidperezgar mentioned this issue Aug 10, 2024
Merged
6 tasks
@davidperezgar davidperezgar linked a pull request Aug 10, 2024 that will close this issue
Add new Offloading_Files_Check check #566
Merged
6 tasks
@davidperezgar davidperezgar added this to the 1.2.0 milestone Aug 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@davidperezgar davidperezgar

Labels
Checks Audit/test of the particular part of the plugin Needs Dev Anything that requires development (e.g. a pull request) [Team] Plugin Review Issues owned by Plugin Review Team
Projects
None yet
Milestone
1.2.0
Development

Successfully merging a pull request may close this issue.

Add new Offloading_Files_Check check WordPress/plugin-check
1 participant
@davidperezgar