Hey all,
I was playing around with the CMS on my machine when my wifi dropped out. For some reason the CMS kept hanging on an external script that was trying to load. Looking into it more, some kind of logging/analytics script is being loaded out-of-the-box by the navapp belonging to this site: https://www.pendo.io/.
The script being loaded:
!function(e, n, t, a, i) {
var c, o, s, d, p;
for ((i = e[a] = e[a] || {})._q = [],
o = 0,
s = (c = ["initialize", "identify", "updateOptions", "pageLoad"]).length; o < s; ++o)
!function(e) {
i[e] = i[e] || function() {
i._q[e === c[0] ? "unshift" : "push"]([e].concat([].slice.call(arguments, 0)))
}
}(c[o]);
(d = n.createElement(t)).async = !0,
d.src = "https://cdn.pendo.io/agent/static/e65bf8ab-aad1-48b6-521a-3f558e16c979/pendo.js",
(p = n.getElementsByTagName(t)[0]).parentNode.insertBefore(d, p)
}(window, document, "script", "pendo");
//# sourceMappingURL=scripts.6cc58785376a86301f9b.js.map
Reading the code it seems like I could remove scripts.6cc58785376a86301f9b.js
from angular/navapp/filelist.json
in the hippo-cms-engine jar to make it not load, but I wouldn’t want to overlay that webfragment every release.
It would be great to be able to disable this script being loaded by default, is there a configuration for that anywhere?
In general, I would say that a product such as this, should strive to minimise its external dependencies so that when they are deployed in restricted environments (either by design or not) they can work predictably. Not to mention the apprehension some people (or security teams) might have regarding their backends reaching out to not necessarily trusted 3rd party sites. But maybe that’s just me.
Please let me know if I’m missing or misunderstanding something, keen to hear back from you.
Cheers,
Marnix