IP, locale, Yoast version, browser info sent to external CDN

  • Resolved Ov3rfly

    (@ov3rfly)


    6 years, 8 months ago

    The current user IP address, his/her locale of WordPress, version of Yoast SEO and other browser information is sent to a third party server cdn.polyfill.io when visiting the WordPress dashboard page.

    This affects all user roles, including subscribers.

    Reason is this code:

    YoastSEO 7.1, admin/class-admin-asset-manager.php:85

    public function register_assets() {
    $user_locale = WPSEO_Utils::get_user_locale();
    $language = WPSEO_Utils::get_language( $user_locale );
    wp_register_script(
    self::PREFIX . ‘intl-polyfill’,
    sprintf( ‘https://cdn.polyfill.io/v2/polyfill.min.js?features=Intl.~locale.%s’, $language ),
    array(),
    WPSEO_VERSION
    );

    This might be an issue for #gdpr-compliance.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support Md Mazedul Islam Khan

    (@mazedulislamkhan)

    Thanks for bringing this to our attention. However, this doesn’t look like from us as anywhere in our code we have references cdn.polyfill.io. To verify this, please go to the Yoast SEO repository here and search for cdn.polyfill.io in the top navigation search bar.

    In addition, we have also taken a look at the admin/class-admin-asset-manager.php on line number 85 and we don’t see the code you are referring here. You can find the relevant file and all the code here.

    So, we are not sure how did you get the code on your end. Please, make sure that you are not using any modified Yoast SEO version and install the Yoast SEO plugin directly from the www.remarpro.com repository.

    Thread Starter Ov3rfly

    (@ov3rfly)

    That’s interesting, I got the plugin from www.remarpro.com repository and the reference to cdn.polyfill.io is in each and every version I checked, including the current available download.

    If you take a look at the Yoast SEO repository, it appears that the code has been removed there less than 2 days ago, draw your own conclusions…

    Plugin Support Michael Ti?a

    (@mikes41720)

    @ov3rfly We will forward this concern to the appropriate team members at Yoast for further review.

    We want to let you know that we are committed to becoming 100% GPDR compliant. You can read more about it here — https://kb.yoast.com/kb/gdpr/

    Plugin Support Michael Ti?a

    (@mikes41720)

    Hello,

    After a bit of review, it was indeed confirmed that this dependency has been removed to avoid any issues with the GPDR. This shouldn’t cause any issues starting with the release of Yoast SEO v7.3 and onwards.

    Plugin Support Michael Ti?a

    (@mikes41720)

    No further response, setting to resolved.

    Thread Starter Ov3rfly

    (@ov3rfly)

    What further response do you expect?

    The code appears to be still present in 7.2, that’s the current available download.

    The issue can be closed as soon as the code is really removed in current available download, thanks.

    Plugin Support Md Mazedul Islam Khan

    (@mazedulislamkhan)

    This is to be expected as this is going to be fixed in the next Yoast SEO version 7.3. Please, check this once the version 7.3 is released.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘IP, locale, Yoast version, browser info sent to external CDN’ is closed to new replies.

Tags