You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
One of the reasons users might self-host is because they want to prevent data being leaked out of their company/org. However, there are buttons on the UI that allow users to share their diagram with other website. For example, with https://mermaid.ink/ or https://kroki.io/ or https://www.mermaidchart.com. Some of the problem locations that I could see are highlighted in the image below. I don't know if there are others I haven't noticed.
Describe the solution you'd like
It would be nice if these could be disabled using environment variables. For example, if rendererUrl and krokiRendererUrl are empty, then the respective buttons could be hidden.
Even though clicking on the link doesn't directly result in a data leak, it could still mislead users into thinking that it's okay to share the data on https://www.mermaidchart.com/.
Describe alternatives you've considered
Could modify the code to get the desired effect, however then it could get annoying to resolve merge conflicts when pulling the latest version of this repo. An easy way to toggle these off via env variables might be something the community would benefit from.
Additional context
I'm not very optimistic about this feature request being accepted, but thought it couldn't hurt to ask. Feels like these would be simple changes, so happy to raise a PR too.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
One of the reasons users might self-host is because they want to prevent data being leaked out of their company/org. However, there are buttons on the UI that allow users to share their diagram with other website. For example, with https://mermaid.ink/ or https://kroki.io/ or https://www.mermaidchart.com. Some of the problem locations that I could see are highlighted in the image below. I don't know if there are others I haven't noticed.
Describe the solution you'd like
It would be nice if these could be disabled using environment variables. For example, if
rendererUrl
andkrokiRendererUrl
are empty, then the respective buttons could be hidden.For the mermaid chart links,
Even though clicking on the link doesn't directly result in a data leak, it could still mislead users into thinking that it's okay to share the data on https://www.mermaidchart.com/.
Describe alternatives you've considered
Could modify the code to get the desired effect, however then it could get annoying to resolve merge conflicts when pulling the latest version of this repo. An easy way to toggle these off via env variables might be something the community would benefit from.
Additional context
I'm not very optimistic about this feature request being accepted, but thought it couldn't hurt to ask. Feels like these would be simple changes, so happy to raise a PR too.
The text was updated successfully, but these errors were encountered: