Some time ago I got the tip from HCL Support, that the
Create Community button will recognize the role
community-creator only when the gatekeeper option
CATALOG_CARD_UPDATED is set to
This is working, but I had to complain, that this option activates some code, which loads fonts from a CDN instead of the local Connections deployment.
For some customers external download of code, fonts, or styles is an issue and this was already fixed with
CATALOG_CARD_UPDATED=true, so I was very surprised, as users complained again, that the Community catalog page is requesting fonts from CDN.
Finally, HCL offered to add the functionality, that the community create button is only visible when the user has the role
CATALOG_CARD_UPDATED is set to true, HCL wrote some more details in the defect article KB0088295 .
So when you want fonts only loaded from on premises resources and have a hidden / shown create community button, then you should switch back to
CATALOG_CARD_UPDATED=true, after you installed the CFix.70.2110 or the upcoming CFix.65.2111 .
Why is loading fonts from CDN not a good idea?
A very good summary about this topic was written by Collin M Barret in his article Blocking Web Fonts for Speed and Privacy and there is nothing to add.
It is less a security issue, because there were only view vulnerabilities in the context of external web fonts, but we shouldn’t forget the privacy concerns. Please read the article for more details.