RSS feeds (Was: Some admin options required)

Sara

  • Walking Contradiction
  • Posts: 41
RSS feeds (Was: Some admin options required)
« on May 22nd, 2012, 03:37 AM »
I hope there will be an option to disable RSS feeds outright, either for the whole forum or for specific boards.  80% of my forum is private so RSS feeds are a moot point.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: RSS feeds (Was: Some admin options required)
« Reply #1, on May 22nd, 2012, 03:38 AM »
Disabling feeds outright has been an option in SMF for years, and we inherited it. If it's enabled, there's little point disabling it per board (though I've been thinking about hiding it for non-guest boards)


:edit: I split this because I did not want this derailing the specific questions posed, though it is an important point in its own right.
Re: RSS feeds (Was: Some admin options required)
« Reply #2, on August 20th, 2012, 09:17 PM »
Perhaps we could hide RSS feeds for boards that are not visible to guests?

Seems to me that would likely be the most logical thing, given that most readers can't deal with the cookies attached to the browser.
When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest. | Game Memorial

godboko71

  • Fence accomplished!
  • Hello
  • Posts: 361
Thank you,
Boko

spoogs

  • Posts: 417
Stick a fork in it SMF

Nao

  • Dadman with a boy
  • Posts: 16,079
Re: RSS feeds (Was: Some admin options required)
« Reply #5, on August 22nd, 2012, 05:44 PM »
It would make sense -- as long as we provide a way to access these boards through a URL key representing the requesting user...
e.g. store in {db}members a field called 'rss_key', something complicated or whatever, and whenever you're trying to register a RSS feed that includes hidden material, provide ;uid=1234;rsskey=(md5??)(123456789)' in its URL... (Could be strengthened by offering more variables, of course.)
I thought we already had discussed that though... It's even in my to-do-list, as cryptic as my 'English for myself' may sound:

"rss feeds for users, with userid and a password automatically generated for user...?"

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: RSS feeds (Was: Some admin options required)
« Reply #6, on August 22nd, 2012, 06:57 PM »
Quote
It would make sense -- as long as we provide a way to access these boards through a URL key representing the requesting user...
I was purely talking about icons and hiding links on boards that aren't accessible.

To implement this is massively more complicated because it requires either fudging and re-calling the loading of the user (to re-handle board access) or doing it all manually. It's not pretty, anyway (and either way has performance issues), the other option is to intercept rsskey or whatever in the user loader and do it that way but even that's a check that would have to be performed for every guest on every page load since user authentication is done before almost anything else.

The alternative is to support username/password the way Google Reader etc supplies it, which is in the URL through the proper username/password parameters, but even then we still have to deal with authentication early enough. Perhaps only doing it when feeds are requested and there isn't a cookie (the circumstances that would be applicable for such things)

Side note: there's another case where sessions are used but shouldn't be, since someone requesting an RSS feed would still be online IIRC...

Nao

  • Dadman with a boy
  • Posts: 16,079
Re: RSS feeds (Was: Some admin options required)
« Reply #7, on August 22nd, 2012, 07:02 PM »
Quote from Arantor on August 22nd, 2012, 06:57 PM
I was purely talking about icons and hiding links on boards that aren't accessible.
But, if the boards are inaccessible, surely the links are as well...? (Unless you mean they're shown in the sidebar even though one gets a "Board doesn't exist" error...?)
Quote
To implement this is massively more complicated because it requires either fudging and re-calling the loading of the user (to re-handle board access) or doing it all manually.
Obviously, we'd have to reload the user yes.
Quote
It's not pretty, anyway (and either way has performance issues),
But it may be better than simply showing nothing if you're adding your favorite private board to Google Reader... (or any other web reader.)
Quote
the other option is to intercept rsskey or whatever in the user loader and do it that way
Good idea...
Quote
but even that's a check that would have to be performed for every guest on every page load since user authentication is done before almost anything else.
An isset() should be quick enough... :P
Quote
The alternative is to support username/password the way Google Reader etc supplies it, which is in the URL through the proper username/password parameters,
Which implies that one would want to supply Google with their username & password for a site...? I certainly wouldn't. But I would be perfectly fine with providing it a custom key for reading private boards. As long as no one at Google can actually get access to my account with it...
Quote
Side note: there's another case where sessions are used but shouldn't be, since someone requesting an RSS feed would still be online IIRC...
ORLY...?

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: RSS feeds (Was: Some admin options required)
« Reply #8, on August 22nd, 2012, 08:26 PM »
Quote
But, if the boards are inaccessible, surely the links are as well...? (Unless you mean they're shown in the sidebar even though one gets a "Board doesn't exist" error...?)
No...

Right now if you can see a board, you get the RSS feed as you should. But that wasn't what I suggested doing. I was suggesting hiding the RSS links if the board is not visible to guests. If the board is not accessible to guests, there's no need for RSS feeds as it currently stands.
Quote
Obviously, we'd have to reload the user yes.
Well, that's the thing. We can either fully reload the user, or we can intercept the request and attempt to load the user up front if that makes sense.
Quote
Which implies that one would want to supply Google with their username & password for a site...? I certainly wouldn't. But I would be perfectly fine with providing it a custom key for reading private boards. As long as no one at Google can actually get access to my account with it...
Of course they can. It's inserted in plain text in the URL as standard...
Quote
ORLY...?
Well, the session is loaded, the user account updated, but the main online log won't be. Since the session is loaded up front, even PHPSESSID sessions are invoked.