Update Dependencies, Optimize Webpack, Add Cookie Consent, and Enhance Security/Performance"#1021
Update Dependencies, Optimize Webpack, Add Cookie Consent, and Enhance Security/Performance"#1021JuanPabloDiaz wants to merge 8 commits intotech-conferences:mainfrom
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR modernizes the build setup, removes deprecated settings, and adds user-facing cookie consent and Twitter follow improvements.
- Simplify Webpack configuration and update build/start scripts.
- Add
CookieConsentcomponent and integrate it into the app. - Update
TwitterFollowButtonto respect user cookie preferences.
Reviewed Changes
Copilot reviewed 14 out of 15 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| src/scenes/ConferenceList/components/OpenCollectiveContribution/OpenCollectiveContribution.tsx | Add explicit height attribute to prevent layout shift. |
| src/components/TwitterFollowButton/TwitterFollowButton.tsx | Inline fallback link added; cookie‐based widget loading. |
| src/components/CookieConsent/CookieConsent.tsx | New cookie banner component with accept/decline logic. |
| src/components/App/App.tsx | Integrate <CookieConsent /> into application layout. |
| scripts/start.js | Adjust WebpackDevServer instantiation and shutdown APIs. |
| scripts/preview.js | New preview server script for built output. |
| public/index.html | Improve font loading performance via Google Fonts. |
| public/_headers | Add security and CSP headers. |
| package.json | Add preview, clean scripts; remove deprecated deps. |
| config/webpack.config.js | Remove console stripping, CSS optimizations, and code splitting. |
Comments suppressed due to low confidence (2)
src/components/CookieConsent/CookieConsent.tsx:1
- New interactive components like
CookieConsentshould have unit tests to cover banner visibility, accept/decline flows, and side effects (e.g., storage updates).
import React, { useState, useEffect } from 'react'
config/webpack.config.js:298
- Removing parallel processing and code splitting can increase build time and bundle size. Please verify the impact on production bundle performance.
new CssMinimizerPlugin(),
| href='https://twitter.com/ConfsTech' | ||
| target='_blank' | ||
| rel='noopener noreferrer' | ||
| style={{ |
There was a problem hiding this comment.
[nitpick] Consider moving these inline styles into a CSS/SCSS module for consistency and easier theming.
| "preview": "node scripts/preview.js", | ||
| "test": "node scripts/test.js", | ||
| "lint": "eslint .", | ||
| "clean": "rm -rf build dist node_modules package-lock.json coverage .eslintcache", |
There was a problem hiding this comment.
Using rm -rf in npm scripts is not cross-platform. Consider using a tool like rimraf for Windows compatibility.
| Referrer-Policy: strict-origin-when-cross-origin | ||
|
|
||
| # Content Security Policy - allowing necessary external resources | ||
| Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://platform.twitter.com https://cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://opencollective.com data: https:; connect-src 'self'; frame-src https://platform.twitter.com; object-src 'none'; base-uri 'self' |
There was a problem hiding this comment.
Allowing 'unsafe-inline' for scripts/styles weakens CSP. Consider using nonces or hashes instead of 'unsafe-inline'.
| Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://platform.twitter.com https://cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://opencollective.com data: https:; connect-src 'self'; frame-src https://platform.twitter.com; object-src 'none'; base-uri 'self' | |
| Content-Security-Policy: default-src 'self'; script-src 'self' https://platform.twitter.com https://cdn.syndication.twimg.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://opencollective.com data: https:; connect-src 'self'; frame-src https://platform.twitter.com; object-src 'none'; base-uri 'self' |
|
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
…n; clean up package.json
JuanPabloDiaz
changed the title
|
Hey @JuanPabloDiaz ! That's amazing, thank you so much for your work on the website, that's super cool! At a high level, all the changes look good to me (I haven't reviewed the code yet). That being said, given you're touching different things, I would suggest to break this PR into multiple PRs. Your PR description splits the work well already, so it's really just a code split at this point. I'm suggesting that, in case where you have to revert a change for XYZ reason. Let me know what you think :) |
|
Thanks @nimzco — totally agree with your point. |
|
Thank you for the feedback! 🙏 If I understand correctly, you were suggesting to break this into separate, focused PRs for easier review and potential rollbacks. I've taken your advice and split the comprehensive changes into 6 focused PRs:
Is this the kind of split you had in mind? Hope this will make the review process much smoother. 🚀 |
|
All split PRs have been merged Successfully! 🎉 The site has no conflicts. Closing this original PR since all changes are now incorporated through PRs 1022-1027. |
|
Nice! Great job! |
This PR started with the idea of fixing the best practices report issue but ends up fixing additional issues such deprecate dependencies, starter script not running due to a compatibility issue after updating dependencies, adding scripts and more.
This pull request introduces several updates to the project, focusing on improving performance, enhancing user experience, and adding new functionality. Key changes include optimizations to the Webpack configuration, updates to
package.jsondependencies and scripts, the addition of a cookie consent banner, and enhancements to the Twitter follow button to respect user cookie preferences.Webpack Configuration Updates:
CssMinimizerPluginand removed split chunks and runtime chunk settings to streamline build processes.generatorconfiguration for static media files, removing image optimization options like quality settings. [1] [2]namedExport: falseto CSS module configurations for consistency. [1] [2]package.jsonUpdates:preview,clean) and metadata (description,license) for better project management.babel-core,babel-preset-env, andtslintto modernize the codebase. [1] [2] [3]Cookie Consent Banner:
CookieConsentcomponent to display a banner for cookie preferences, with options to accept or decline. This includes SCSS styles for responsiveness and theme compatibility. [1] [2] [3] [4] [5]CookieConsentcomponent into theApp.tsxlayout.Twitter Follow Button Enhancements:
TwitterFollowButtoncomponent to check user cookie consent before loading Twitter widgets. If consent is not given, it displays a simple follow link instead. [1] [2] [3] [4]Security and Performance Improvements:
public/_headersfile for enhanced security.public/index.htmlto improve font loading performance by using Google Fonts with proper URLs and preconnect directives. [1] [2]