Feature Proposal: Simplify hiding the System web documentation.
Motivation
MichaelDaum pointed out several times that Search Engines like Google will reduce the rank of sites showing duplication of content. Making the System web documentation available to guests is a big part of this. We can make this whole process a lot easier.
Description and Documentation
We need to identify and add
"ALLOWTOPICVIEW = *"
settings to any topics that are use operationally in other webs, or are needed directly by unauthenticated users.
This proposal does NOT change
WebPreferences to block guest access, but is intended to ensure that Foswiki remains fully functional should a site chose to block access.
Examples
Impact
- Sites with a default install: should be no impact as all these topics are readable anyway.
- Sites already with protected System Web: This might make applying an update package easier as all of these topics are included in the update package.
Adding
ALLOWTOPICVIEW = *
to
JQueryAjaxHelper is not backwards compatible with Foswiki 1.x.
Implementation
--
Contributors: GeorgeClark - 30 Oct 2015
Discussion
--
GeorgeClark - 30 Oct 2015
Set this as planned for 2.1. But considering that anyone who has made these customizations will be broken by our update packages, we might consider adding the ALLOW settings as part of a 2.0.x patch. It may make it easier for sites to apply the patch releases.
--
GeorgeClark - 30 Oct 2015
Note that
ALLOWTOPICVIEW = *
would be required for a couple of plugins as well shipping config topics in System. Alas
ALLOWTOPICVIEW = *
isn't backwards compatible.
I once applied this ACL to
SolrPlugin 's system topics and people upgrading it on a 1.1.x engine complained. So I backed out of this approach...
As an alternative we could merge
AutoTemplatePlugin 's
RulebasedViewTemplates into
AutoViewTemplatePlugin and apply a view template to all System web topics so that viewing them as a guest is either redirecting to Main.WebHome or render any other kind of sorry-content-blocked page.
--
MichaelDaum - 30 Oct 2015
I have a patch already retrofitted to 1.1.x that could add the ALLOW=* wildcard. I got bogged down trying to fit the CGI and Perl deprecations fixes into a 1.1.x patch contrib that would buy 1.1 users time. This is what I've got bundled so far in
PatchRelease01x01Contrib (in Release01x01 branch)
-
Item11267
: Fixes Item12225 - extension using new Version strings break configure. Applies to Foswiki 1.1.5 and earlier.
-
Item12285
: Security fixes related to the Maketext vulnerability. Applies to Foswiki 1.1.6 and earlier.
-
Item12391
: More Maketext validations - Security issue applies to Foswiki 1.1.7 and earlier.
-
Item12414
: Newer versions of File::Temp
cause die in Foswiki::Sandbox::sysCommand()
(Applies to Foswiki-1.1.6, Foswiki-1.1.7 and Foswiki-1.1.8 )
-
Item12616
: Warnings and Errors due to newer versions of perl. (Fixed in Foswiki 1.1.9)
-
Item12849
: Add ACL * wildcard for backwards compatibilty with Foswiki 2.0. Applies to all Foswiki 1.1 versions.
-
Item13775
: Warnings due to CGI::param called in list context.
-
Item13777
: Backport changes in URLPARAM and SEARCH for extension compatibility.
--
GeorgeClark - 30 Oct 2015
Marked as Accepted for 2.1. I clarified the proposal and modified the summary to agree with the topic name. This proposal will not change the System web settings.
--
GeorgeClark - 13 Nov 2015