Fossil

Check-in [2804c71a]

Overview
Comment: Allow /sitemap to accept the popup query parameter as GET as long as the incoming request is from the same origin. This is probably sufficient to prevent revealing URLs to robots. And the use of GET seems to be more in keeping with the REST idea.
SHA3-256: 2804c71a43df0cd9f7c0364a735180e9e58247ea66eb43913f8166fa82a92c89
User & Date: drh 2018-09-20 10:31:43
Context
2018-09-20
11:21
Fixed the panel.style.hasOwnProperty() test in the default skin's js.txt so that it will work on IE8 and below. See code comment for rationale. ... (check-in: e54095f9 user: wyoung tags: trunk)
10:31
Allow /sitemap to accept the popup query parameter as GET as long as the incoming request is from the same origin. This is probably sufficient to prevent revealing URLs to robots. And the use of GET seems to be more in keeping with the REST idea. ... (check-in: 2804c71a user: drh tags: trunk)
10:27
The POST request by the hamburger menu must set the right content type of application/x-www-form-urlencoded in order to pass the popup=1 query parameter. ... (check-in: ee0f77df user: drh tags: trunk)
Changes
Changes to skins/default/js.txt.
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
              showPanel();
            }
            panel.style.display = 'block';
          }
        }
        // else, can't parse response as HTML or XML
      }
      xhr.open("POST", "$home/sitemap");   // note the TH1 substitution!
      xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
      xhr.responseType = "document";
      xhr.send("popup=1");
    }
    else {
      showPanel();   // just show what we built above
    }
    return false;  // prevent browser from acting on <a> click
  }
})();







|
<

|







121
122
123
124
125
126
127
128

129
130
131
132
133
134
135
136
137
              showPanel();
            }
            panel.style.display = 'block';
          }
        }
        // else, can't parse response as HTML or XML
      }
      xhr.open("GET", "$home/sitemap?popup");   // note the TH1 substitution!

      xhr.responseType = "document";
      xhr.send();
    }
    else {
      showPanel();   // just show what we built above
    }
    return false;  // prevent browser from acting on <a> click
  }
})();
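Review bot: In the new `xhr.open("GET", "$home/sitemap?popup")` line the parameter is sent with no value, where the old request sent `popup=1` in the body. The server-side test in src/sitemap.c is `P("popup")!=0`, so this only works if the query parser registers a valueless parameter as present; either confirm that or keep `?popup=1` so the client still matches what the server-side comment describes. The removed `setRequestHeader` call also left an empty line before `xhr.responseType`, which can be dropped.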
Changes to src/sitemap.c.
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
    { "Documentation",  "sitemap-docidx" },
    { "Download",       "sitemap-download" },
    { "License",        "sitemap-license" },
    { "Contact",        "sitemap-contact" },
  };

  login_check_credentials();
  if( P("popup")!=0 && cgi_csrf_safe(1) ){
    /* If this is a POST from the same origin with the popup=1 parameter,
    ** then disable anti-robot defenses */
    isPopup = 1;
    g.perm.Hyperlink = 1;
    g.javascriptHyperlink = 0;
  }
  srchFlags = search_restrict(SRCH_ALL);







|







41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
    { "Documentation",  "sitemap-docidx" },
    { "Download",       "sitemap-download" },
    { "License",        "sitemap-license" },
    { "Contact",        "sitemap-contact" },
  };

  login_check_credentials();
  if( P("popup")!=0 && cgi_csrf_safe(0) ){
    /* If this is a POST from the same origin with the popup=1 parameter,
    ** then disable anti-robot defenses */
    isPopup = 1;
    g.perm.Hyperlink = 1;
    g.javascriptHyperlink = 0;
  }
  srchFlags = search_restrict(SRCH_ALL);
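Review bot: The comment inside the `if( P("popup")!=0 && cgi_csrf_safe(0) )` block still reads "If this is a POST from the same origin with the popup=1 parameter", but the client now issues a GET with a bare `popup` and the argument to `cgi_csrf_safe` changed from 1 to 0. Update the comment to describe what the condition now accepts, and note there that the same-origin check is the only thing gating `g.perm.Hyperlink = 1` on this path, since the commit message itself describes it as "probably sufficient".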