Remove Bootstrap CSS from default login/logout page
Kehrlann opened this issue · comments
Context
Currently, the default Spring Security login and logout pages are styled using Bootstrap CSS. The version we use is 4.0.0-beta
, while the newer version is 5.3.x
.
It is used for:
- Default styling (colors, fonts, button shapes, etc)
- Positioning (mostly centering)
- Responsiveness ("this page is usable on my phone")
- Striped tables
While Bootstrap has a lot of useful built-in features, it comes with a few drawbacks:
- It is hosted on a external CDN we do not control
- It forces an extra request on first login
- It is much, much, much larger than what is required for the features we use
- As a consequence, on lower bandwidth / flakier connections, this will significantly delay first paint
Additionally, for air-gapped scenarios (no access to the internet):
- The page may not load any style
- Users' unit tests may time out while waiting for the CSS to download
Previous discussions
This has been mentioned previously, e.g. gh-7165 and gh-11949. The takeway is:
There isn't intended to be a way to customize this behavior
However, we are not specifically attached to using Bootstrap
Proposed solution
Write the minimal CSS required to achieve the desired behavior on the pages, and inline that directly.
Closed by gh-15303