Some time ago I got the tip from HCL Support, that the Create Community
button will recognize the role community-creator
only when the gatekeeper option CATALOG_CARD_UPDATED
is set to false
.
This is working, but I had to complain, that this option activates some code, which loads fonts from a CDN instead of the local Connections deployment.
For some customers external download of code, fonts, or styles is an issue and this was already fixed with CATALOG_CARD_UPDATED=true
, so I was very surprised, as users complained again, that the Community catalog page is requesting fonts from CDN.
Finally, HCL offered to add the functionality, that the community create button is only visible when the user has the role Community-creator
when CATALOG_CARD_UPDATED
is set to true, HCL wrote some more details in the defect article KB0088295 .
So when you want fonts only loaded from on premises resources and have a hidden / shown create community button, then you should switch back to CATALOG_CARD_UPDATED=true
, after you installed the CFix.70.2110 or the upcoming CFix.65.2111 .
Why is loading fonts from CDN not a good idea?
A very good summary about this topic was written by Collin M Barret in his article Blocking Web Fonts for Speed and Privacy and there is nothing to add.
It is less a security issue, because there were only view vulnerabilities in the context of external web fonts, but we shouldn’t forget the privacy concerns. Please read the article for more details.