Ability to choose partial plotly.js bundles #462
Comments
@anders-kiaer Thanks for your suggestions. Regarding partial dcc, we are investigating a few possibilities at the moment regarding splitting & dynamically loading the libraries instead of packaging it all together. This is made more complex by the competing usage scenarios that have to all work in the final solution. We are not currently looking into making a partial distributable of dcc with a subset of features. For CSP, thanks for including the related issues. We can keep an eye on them but there's not much that can be done there from dcc's side.
Support for partial plotly.js bundles though is an interesting one - I suppose there's a chance that plotly.js will implement its own lazy loading system, but barring that it would need to be up to the user to specify a bundle that they know will suit their needs. I could certainly see implementing something like
@alexcjohnson I'm wondering if there's a generic function that handles this similar to how the React version can be changed in For our use case, we would like to be able to handle things such as:
Thoughts?
@mjclawar that's a good point. At the moment I'm not sure where else this would be used, I don't see anything offhand, but there could certainly be cases added in the future either within the core or in additional components folks write. The challenge is that these resources aren't named, they're currently just collected as a list of urls/paths. So the plotlyjs bundle is currently brought in here: dash-core-components/dash_core_components/__init__.py Lines 36 to 41 in 83a3ea0

If we were to add a name/id to this, something like

```python
dash.replace_resource(dcc, 'plotly.js', {'external_url': 'https://cdn.plot.ly/plotly-basic-1.44.4.js'})
# or even just put the new file in your assets/ so it's loaded automatically,
# and tell us to ignore the default one:
dash.replace_resource(dcc, 'plotly.js', None)
```
As discussed in plotly/dash#655, since we added async resources you can simply put the The only additional piece to consider is if we want to include a predefined set of plotly.js bundles with the package; I don't think we should do that though, there are just too many different possibilities users may want.
Great library 💃

One small improvement 💡: Currently `dcc` is shipped with the full `plotly.min.js` bundle. Do you see an easy/elegant way of enabling the user to specify one of the partial plotly.js bundles, and let e.g. the full bundle be the default?

I currently see two use cases:

`plotly.min.js` 2.8 MB, while e.g. `plotly.cartesian.js`, covering many applications, is 0.9 MB).

Regarding 2), Dash alone works beautifully with a strong CSP configuration. You can e.g. do

and then run

This works beautifully in Dash.

However if `dcc.Graph()` is added to `app.layout` you will in the browser get "Error loading dependencies" due to violation of CSP directives `script-src` and `style-src` (these come from plotly/plotly.js#897 and plotly/plotly.js#2355 respectively).

This can be "solved" by adding `unsafe-eval` and `unsafe-inline`, but the `script-src` part can be solved in a safer way by using one of the partial bundles of `plotly.js` instead, for applications where you don't need `gl3d` and `gl2d`.

I quickly tested overwriting the `[...]/lib/python3.7/site-packages/dash_core_components/plotly[...].min.js` installed in the environment with one of the partial `plotly.js` bundles, and that enabled (as expected) a stricter CSP without opening for `eval()` and its relatives.
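The CSP trade-off described in the issue above, as an added example (not code from the issue or from Dash): a stdlib-only check that reports whether a policy's effective `script-src` and `style-src` carry `'unsafe-eval'` or `'unsafe-inline'`. The function names are hypothetical and the three policy strings are constructed samples standing in for a strict policy, one relaxed for the full bundle, and one for a partial bundle.

```python
# Added example: flag the CSP relaxations discussed in this issue.
RISKY = {
    "script-src": ("'unsafe-eval'", "'unsafe-inline'"),
    "style-src": ("'unsafe-inline'",),
}


def parse_csp(policy):
    """Return {directive: [sources]}; the first occurrence of a directive wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def effective_sources(directives, name):
    """script-src and style-src fall back to default-src when absent."""
    return directives.get(name, directives.get("default-src"))


def audit(policy):
    """List (directive, keyword) pairs that weaken the policy."""
    directives = parse_csp(policy)
    findings = []
    for name, keywords in RISKY.items():
        sources = effective_sources(directives, name)
        if sources is None:
            findings.append((name, "unrestricted"))  # no directive, no fallback
            continue
        lowered = [s.lower() for s in sources]
        # Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
        prefixes = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
        has_nonce_or_hash = any(s.startswith(prefixes) for s in lowered)
        for kw in keywords:
            if kw in lowered and not (kw == "'unsafe-inline'" and has_nonce_or_hash):
                findings.append((name, kw))
    return findings


# Constructed sample policies (assumptions, not taken from the issue).
STRICT = "default-src 'self'"
FULL_BUNDLE = "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
PARTIAL_BUNDLE = "default-src 'self'; style-src 'self' 'unsafe-inline'"

if __name__ == "__main__":
    for label, policy in (("strict", STRICT), ("full", FULL_BUNDLE), ("partial", PARTIAL_BUNDLE)):
        print(label, audit(policy))
```

Running `audit()` over the deployed header in CI makes it visible when a dependency change forces a relaxation back into the policy.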