Feature Proposal: Simplify hiding the System web documentation.

Motivation

MichaelDaum pointed out several times that Search Engines like Google will reduce the rank of sites showing duplication of content. Making the System web documentation available to guests is a big part of this. We can make this whole process a lot easier.

Description and Documentation

We need to identify and add "ALLOWTOPICVIEW = *" settings to any topics that are use operationally in other webs, or are needed directly by unauthenticated users.

This proposal does NOT change WebPreferences to block guest access, but is intended to ensure that Foswiki remains fully functional should a site chose to block access.

Examples

CommentPluginTemplate.txt
Questionable - possibly referenced from other webs.
edit
JQueryAjaxHelper.txt
Might be referenced from other guest accessible webs. (Included from more.tmpl)
edit
DefaultUserRegistration.txt
Included from UserRegistration.
edit
LanguageSelector.txt
Included from top bar even when I18N is disabled.
edit
PatternSkinHorizontalNavigationExample.txt
Optionally included from view.pattern.tmpl by setting.
edit
ResetPassword.txt
Directly used.
edit
UserRegistration.txt
Directly used.
edit
WebAtomBase.txt
Included.
edit
WebBottomBarExample.txt
Included from viewbottombar.pattern.tmpl
edit
WebChanges.txt
Included.
edit
WebChangesAlert.txt
Included by WebNotify. (Obsolete)
edit
WebChangesAdvanced.txt
Included.
edit
WebIndex.txt
Included.
edit
WebLeftBarExample.txt
Included from viewsidebar.pattern.tmpl.
edit
WebLeftBarLogin.txt
Included from WebLeftBarExample.
edit
WebLeftBarWebsList.txt
Included from WebLeftBarExample.
edit
WebNotifyHelp
Included by WebNotify.
edit
WebPreferencesHelp.txt
Included from WebPreferences.
edit
WebRssBase.txt
Included.
edit
WebSearch.txt
Included.
edit
WebTopBarExample.txt
Included from viewtopbar.pattern.tmpl
edit
WebTopicList.txt
Included.
edit

Impact

  • Sites with a default install: should be no impact as all these topics are readable anyway.
  • Sites already with protected System Web: This might make applying an update package easier as all of these topics are included in the update package.

Adding ALLOWTOPICVIEW = * to JQueryAjaxHelper is not backwards compatible with Foswiki 1.x.

%WHATDOESITAFFECT%
edit

Implementation

-- Contributors: GeorgeClark - 30 Oct 2015

Discussion

-- GeorgeClark - 30 Oct 2015

Set this as planned for 2.1. But considering that anyone who has made these customizations will be broken by our update packages, we might consider adding the ALLOW settings as part of a 2.0.x patch. It may make it easier for sites to apply the patch releases.

-- GeorgeClark - 30 Oct 2015

Note that ALLOWTOPICVIEW = * would be required for a couple of plugins as well shipping config topics in System. Alas ALLOWTOPICVIEW = * isn't backwards compatible. I once applied this ACL to SolrPlugin 's system topics and people upgrading it on a 1.1.x engine complained. So I backed out of this approach...

As an alternative we could merge AutoTemplatePlugin 's RulebasedViewTemplates into AutoViewTemplatePlugin and apply a view template to all System web topics so that viewing them as a guest is either redirecting to Main.WebHome or render any other kind of sorry-content-blocked page.

-- MichaelDaum - 30 Oct 2015

I have a patch already retrofitted to 1.1.x that could add the ALLOW=* wildcard. I got bogged down trying to fit the CGI and Perl deprecations fixes into a 1.1.x patch contrib that would buy 1.1 users time. This is what I've got bundled so far in PatchRelease01x01Contrib (in Release01x01 branch)
  • Item11267: Fixes Item12225 - extension using new Version strings break configure. Applies to Foswiki 1.1.5 and earlier.
  • Item12285: Security fixes related to the Maketext vulnerability. Applies to Foswiki 1.1.6 and earlier.
  • Item12391: More Maketext validations - Security issue applies to Foswiki 1.1.7 and earlier.
  • Item12414: Newer versions of File::Temp cause die in Foswiki::Sandbox::sysCommand() (Applies to Foswiki-1.1.6, Foswiki-1.1.7 and Foswiki-1.1.8 )
  • Item12616: Warnings and Errors due to newer versions of perl. (Fixed in Foswiki 1.1.9)
  • Item12849: Add ACL * wildcard for backwards compatibilty with Foswiki 2.0. Applies to all Foswiki 1.1 versions.
  • Item13775: Warnings due to CGI::param called in list context.
  • Item13777: Backport changes in URLPARAM and SEARCH for extension compatibility.
-- GeorgeClark - 30 Oct 2015

Marked as Accepted for 2.1. I clarified the proposal and modified the summary to agree with the topic name. This proposal will not change the System web settings.

-- GeorgeClark - 13 Nov 2015
 
Topic revision: r5 - 17 Nov 2015, GeorgeClark - This page was cached on 21 Sep 2017 - 17:50.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License