Wedge
Public area => The Pub => Topic started by: Sara on May 22nd, 2012, 03:37 AM
-
I hope there will be an option to disable RSS feeds outright, either for the whole forum or for specific boards. 80% of my forum is private so RSS feeds are a moot point.
-
Disabling feeds outright has been an option in SMF for years, and we inherited it. If it's enabled, there's little point disabling it per board (though I've been thinking about hiding it for non-guest boards)
:edit: I split this because I did not want this derailing the specific questions posed, though it is an important point in its own right.
-
Perhaps we could hide RSS feeds for boards that are not visible to guests?
Seems to me that would likely be the most logical thing, given that most readers can't deal with the cookies attached to the browser.
-
Perhaps we could hide RSS feeds for boards that are not visible to guests?
Seems to me that would likely be the most logical thing, given that most readers can't deal with the cookies attached to the browser.
-
Does make sense indeed
-
It would make sense -- as long as we provide a way to access these boards through a URL key representing the requesting user...
e.g. store in {db}members a field called 'rss_key', something complicated or whatever, and whenever you're trying to register a RSS feed that includes hidden material, provide ;uid=1234;rsskey=(md5??)(123456789)' in its URL... (Could be strengthened by offering more variables, of course.)
I thought we already had discussed that though... It's even in my to-do-list, as cryptic as my 'English for myself' may sound:
"rss feeds for users, with userid and a password automatically generated for user...?"
-
It would make sense -- as long as we provide a way to access these boards through a URL key representing the requesting user...
To implement this is massively more complicated because it requires either fudging and re-calling the loading of the user (to re-handle board access) or doing it all manually. It's not pretty, anyway (and either way has performance issues), the other option is to intercept rsskey or whatever in the user loader and do it that way but even that's a check that would have to be performed for every guest on every page load since user authentication is done before almost anything else.
The alternative is to support username/password the way Google Reader etc supplies it, which is in the URL through the proper username/password parameters, but even then we still have to deal with authentication early enough. Perhaps only doing it when feeds are requested and there isn't a cookie (the circumstances that would be applicable for such things)
Side note: there's another case where sessions are used but shouldn't be, since someone requesting an RSS feed would still be online IIRC...
-
I was purely talking about icons and hiding links on boards that aren't accessible.
To implement this is massively more complicated because it requires either fudging and re-calling the loading of the user (to re-handle board access) or doing it all manually.
It's not pretty, anyway (and either way has performance issues),
the other option is to intercept rsskey or whatever in the user loader and do it that way
but even that's a check that would have to be performed for every guest on every page load since user authentication is done before almost anything else.
The alternative is to support username/password the way Google Reader etc supplies it, which is in the URL through the proper username/password parameters,
Side note: there's another case where sessions are used but shouldn't be, since someone requesting an RSS feed would still be online IIRC...
-
But, if the boards are inaccessible, surely the links are as well...? (Unless you mean they're shown in the sidebar even though one gets a "Board doesn't exist" error...?)
Right now if you can see a board, you get the RSS feed as you should. But that wasn't what I suggested doing. I was suggesting hiding the RSS links if the board is not visible to guests. If the board is not accessible to guests, there's no need for RSS feeds as it currently stands.Obviously, we'd have to reload the user yes.
Which implies that one would want to supply Google with their username & password for a site...? I certainly wouldn't. But I would be perfectly fine with providing it a custom key for reading private boards. As long as no one at Google can actually get access to my account with it...