You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Erik Kline <ek...@google.com> on 2007/05/23 01:28:24 UTC

[PATCH] don't tempt users to add to tigris.org's referer logs

Devs,

Not sure if people mind or if this is just a "shrug" but I figured
perhaps a few corporate installations would appreciate not tempting
users to click on the link and unwittingly contribute referer urls to
the subversion.tigris.org logs.

[[[
  * subversion/mod_dav_svn/repos.c
    (deliver):  If generating html output, don't tempt users to add
    their (possibly internal, corporate) referer links to
    subversion.tigris.org's logs.  The anchor tag is removed and the
    href attribute contents are integrated into the plain text.
]]]

Index: subversion/mod_dav_svn/repos.c
===================================================================
--- subversion/mod_dav_svn/repos.c      (revision 25113)
+++ subversion/mod_dav_svn/repos.c      (working copy)
@@ -2789,7 +2789,7 @@
       if (gen_html)
         ap_fputs(output, bb,
                  " </ul>\n <hr noshade><em>Powered by "
-                 "<a href=\"http://subversion.tigris.org/\">Subversion</a> "
+                 "Subversion (http://subversion.tigris.org) "
                  "version " SVN_VERSION "."
                  "</em>\n</body></html>");
       else

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: [PATCH] don't tempt users to add to tigris.org's referer logs

Posted by Karl Fogel <kf...@red-bean.com>.

Daniel Rall <dl...@collab.net> writes:
>> (There's no way to write a link in such a way as to signal to the
>> browser to leave out some of the referrer information?  Some
>> attribute?  Hmmm, Googling for it turns up nothing...)
>
> I vote for turning the string into a preprocessor macro that can be
> specified at compile time (e.g. 'make SVN_MOD_DAV_SVN_ADVERTISEMENT=xxx').

I can't even tell if you're being sarcastic or not :-).

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: [PATCH] don't tempt users to add to tigris.org's referer logs

Posted by Daniel Rall <dl...@collab.net>.

On Wed, 23 May 2007, Karl Fogel wrote:

> Eric Gillespie <ep...@pretzelnet.org> writes:
> > Karl Fogel <kf...@red-bean.com> writes:
> >> I'm not sure I get the motivation.  This is showing up in HTML output,
> >> right?  Isn't it standard for a "Powered by Foo" tag to link back to
> >> the Foo project?  Why wouldn't we want to do that here?
> >
> > Because this is a version control system, potentially (we svn
> > folks hope!) widely deployed in businesses, which would rather
> > not have proprietary information (in the form of paths in the
> > repository) leaked to tigris.org (in the form of Referer headers).
> 
> Okay, I get it now.
> 
> (There's no way to write a link in such a way as to signal to the
> browser to leave out some of the referrer information?  Some
> attribute?  Hmmm, Googling for it turns up nothing...)

I vote for turning the string into a preprocessor macro that can be
specified at compile time (e.g. 'make SVN_MOD_DAV_SVN_ADVERTISEMENT=xxx').

Re: [PATCH] don't tempt users to add to tigris.org's referer logs

Posted by Karl Fogel <kf...@red-bean.com>.

Eric Gillespie <ep...@pretzelnet.org> writes:
> Karl Fogel <kf...@red-bean.com> writes:
>> I'm not sure I get the motivation.  This is showing up in HTML output,
>> right?  Isn't it standard for a "Powered by Foo" tag to link back to
>> the Foo project?  Why wouldn't we want to do that here?
>
> Because this is a version control system, potentially (we svn
> folks hope!) widely deployed in businesses, which would rather
> not have proprietary information (in the form of paths in the
> repository) leaked to tigris.org (in the form of Referer headers).

Okay, I get it now.

(There's no way to write a link in such a way as to signal to the
browser to leave out some of the referrer information?  Some
attribute?  Hmmm, Googling for it turns up nothing...)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: [PATCH] don't tempt users to add to tigris.org's referer logs

Posted by Martin Furter <mf...@rola.ch>.


On Wed, 23 May 2007, Eric Gillespie wrote:

> Karl Fogel <kf...@red-bean.com> writes:
>
>> I'm not sure I get the motivation.  This is showing up in HTML output,
>> right?  Isn't it standard for a "Powered by Foo" tag to link back to
>> the Foo project?  Why wouldn't we want to do that here?
>
> Because this is a version control system, potentially (we svn
> folks hope!) widely deployed in businesses, which would rather
> not have proprietary information (in the form of paths in the
> repository) leaked to tigris.org (in the form of Referer headers).

There are already enough options to get rid of it:

  - Change the source before compiling.
  - Use XSLT.
  - Filter it in a HTTP proxy.
  - Use svn:// or svn+ssh://

Just my 2 cents.

Martin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: [PATCH] don't tempt users to add to tigris.org's referer logs

Posted by Eric Gillespie <ep...@pretzelnet.org>.

Karl Fogel <kf...@red-bean.com> writes:

> I'm not sure I get the motivation.  This is showing up in HTML output,
> right?  Isn't it standard for a "Powered by Foo" tag to link back to
> the Foo project?  Why wouldn't we want to do that here?

Because this is a version control system, potentially (we svn
folks hope!) widely deployed in businesses, which would rather
not have proprietary information (in the form of paths in the
repository) leaked to tigris.org (in the form of Referer headers).

-- 
Eric Gillespie <*> epg@pretzelnet.org

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: [PATCH] don't tempt users to add to tigris.org's referer logs

Posted by Karl Fogel <kf...@red-bean.com>.

"Erik Kline" <ek...@google.com> writes:
> Not sure if people mind or if this is just a "shrug" but I figured
> perhaps a few corporate installations would appreciate not tempting
> users to click on the link and unwittingly contribute referer urls to
> the subversion.tigris.org logs.
>
> [[[
>  * subversion/mod_dav_svn/repos.c
>    (deliver):  If generating html output, don't tempt users to add
>    their (possibly internal, corporate) referer links to
>    subversion.tigris.org's logs.  The anchor tag is removed and the
>    href attribute contents are integrated into the plain text.
> ]]]

I'm not sure I get the motivation.  This is showing up in HTML output,
right?  Isn't it standard for a "Powered by Foo" tag to link back to
the Foo project?  Why wouldn't we want to do that here?

How is "contribute referer urls to the subversion.tigris.org logs"
different from "browse to subversion.tigris.org", and assuming they
are equivalent, why would we not encourage the latter?

-Karl


> Index: subversion/mod_dav_svn/repos.c
> ===================================================================
> --- subversion/mod_dav_svn/repos.c      (revision 25113)
> +++ subversion/mod_dav_svn/repos.c      (working copy)
> @@ -2789,7 +2789,7 @@
>       if (gen_html)
>         ap_fputs(output, bb,
>                  " </ul>\n <hr noshade><em>Powered by "
> -                 "<a href=\"http://subversion.tigris.org/\">Subversion</a> "
> +                 "Subversion (http://subversion.tigris.org) "
>                  "version " SVN_VERSION "."
>                  "</em>\n</body></html>");
>       else
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: [PATCH] don't tempt users to add to tigris.org's referer logs

Posted by Eric Gillespie <ep...@pretzelnet.org>.

"Erik Kline" <ek...@google.com> writes:

> Not sure if people mind or if this is just a "shrug" but I figured
> perhaps a few corporate installations would appreciate not tempting
> users to click on the link and unwittingly contribute referer urls to
> the subversion.tigris.org logs.

I bet you don't even have to click the link; don't all browsers
have some pre-fetching crap on by default these days?

+1 from me, though i'd say drop the URL entirely; it looks ghetto
when not linked.  We're not hard to find ;->.

-- 
Eric Gillespie <*> epg@pretzelnet.org

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org