Using Google Fonts (CDN) in default error templates is bad practice - especially due to legal problems for all websites in the EU #44246
-
|
One of our clients was just sued. If you visit a link that doesnt exist in your application you (may) see the laravel default 404 error page. Unfortunately, the default error pages embed Google Fonts via CDN which is illegal in the EU. Additionally, you cause quite some traffic for just a few words on your screen. I suggest to maybe replace the default messages with svgs or ship laravel with an actual, locally available font by default. That way we can make sure that even websites without a customized 404 are safe and secure for everyone. Best, |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
|
I agree that this is a concern. I was surprised that anyone actually sued on this and did a little research, and here are some findings: From https://cookie-script.com/blog/google-fonts-and-gdpr , although the legal decision was in Germany, it applies EU-wide and is applicable to where the user is located and not the web host:
However, aside from the legal costs (which would have been significant) the GDPR fine was only 100€:
From https://forum.squarespace.com/topic/225009-is-google-fonts-and-maps-violating-european-gdpr-how-to-install-a-custom-font-with-squarespace/ , it appears that this law suit is causing unscrupulous law firms to issue bulk legal claims as a way of making money:
Also here https://gettotext.com/190-euros-demanded-data-protection-leaks-lawyers-letter-to-hundreds-of-companies/ :
So, although the amounts claimed are usually small (individually - you might get multiple such claims), the hassle factor with dealing with them is huge. On this basis, I really do agree that the Laravel 404 page (and any others) that use Google Fonts from a CDN should be changed. Because SVGs are not e.g. readable by a screen reader for the blind, I would suggest that SVGs are not used, but for a default 404 page I would have thought that any built-in font would be acceptable. (Of course the Laravel user could create their own replacement 404 page which uses Google Fonts, but then that is a deliberate choice on their part cf. using Laravel without realising that this is happening.) |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for your reply! The amount you have to pay (fine) may vary from dubious law firm to firm. It is true that these firms just fish for unknowning website owners which makes this issue kind of urgent, as far as I am concerned. I still like the svg approach better - you can just have an alt-tag for screenreaders. But a general font probably makes more sense. How is the procedure from here on to get this baby fixed? |
Beta Was this translation helpful? Give feedback.
-
|
Not sure what you all are referring too but the default error views in Laravel don't contain Google fonts anymore: https://github.com/laravel/framework/blob/9.x/src/Illuminate/Foundation/Exceptions/views/layout.blade.php And for other purposes we're using bunny fonts now: https://github.com/laravel/laravel/blob/9.x/resources/views/welcome.blade.php#L10 |
Beta Was this translation helpful? Give feedback.
-
|
I was talking about L8. Glad it was improved in L9. Thanks! |
Beta Was this translation helpful? Give feedback.
Not sure what you all are referring too but the default error views in Laravel don't contain Google fonts anymore:
https://github.com/laravel/framework/blob/9.x/src/Illuminate/Foundation/Exceptions/views/layout.blade.php
https://github.com/laravel/framework/blob/9.x/src/Illuminate/Foundation/Exceptions/views/minimal.blade.php
And for other purposes we're using bunny fonts now: https://github.com/laravel/laravel/blob/9.x/resources/views/welcome.blade.php#L10