Roundup Tracker - Issues

Issue 2551295

classification
Modify link to Roundup docs in sidebar for all templates
Type: security Severity: minor
Components: Documentation, Web interface Versions:
process
Status: new
:
: : rouilj
Priority: normal : Effort-Low, StarterTicket

Created on 2023-10-24 02:26 by rouilj, last changed 2023-10-24 02:26 by rouilj.

Messages
msg7847 Author: [hidden] (rouilj) Date: 2023-10-24 02:26
All of the templates include a link to the Roundup docs.

I am watching the stats for that including the referer header. I see
entries from private IP address space with port 8080, 8917, etc. This is obviously
someone clicking on the link on a tracker.

I would like to not see the referer but get info on the version of Roundup being run.
A change to the Roundup docs link like:

    <a
      tal:attributes="href python:'https://www.roundup-tracker.org?ref=from_roundup-' +
                      utils.roundup_version()"
      referrerpolicy="no-referrer" i18n:translate="">Roundup docs</a>

where utils.roundup_version is a new TemplatingUtils method. Add it to cgi/templating.py; it
returns a string like "2.3.0". This should be done on all templates.

My implementation of roundup_version was added as a templating util extension. The code is:

    from roundup import __version__ as roundup_version_str
    def roundup_version():
        return roundup_version_str

    def init(tracker):
        tracker.registerUtil('roundup_version', roundup_version)

When added to templating.py, it probably only needs the first three lines.

In addition to the code change, add two sections to doc/upgrading.txt. Make adding
the referrerpolicy recommended and changing to a new URL with the ref optional.

Hopefully this will get some info on what versions are in the wild and stop
internal URLs from escaping to the logs.
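
An added example (not part of the original issue and not Roundup's own code): a small audit that parses template HTML and lists the docs links that would still send a Referer header, whether the target is a literal href or built in tal:attributes. The two sample templates are constructed, and `DOCS_HOST`, `DocsLinkAudit`, `audit` and `leaks_referer` are hypothetical names.

```python
from html.parser import HTMLParser

DOCS_HOST = "roundup-tracker.org"  # assumption: host taken from the URL in the issue

# Constructed sample: a docs link with no referrer policy.
OLD_TEMPLATE = """<div class="sidebar">
 <a href="https://www.roundup-tracker.org" i18n:translate="">Roundup docs</a>
</div>
"""

# Constructed sample: the link form proposed in the issue.
NEW_TEMPLATE = """<div class="sidebar">
 <a
  tal:attributes="href python:'https://www.roundup-tracker.org?ref=from_roundup-' +
                  utils.roundup_version()"
  referrerpolicy="no-referrer" i18n:translate="">Roundup docs</a>
</div>
"""

class DocsLinkAudit(HTMLParser):
    """Record every <a> that targets the docs host, with its referrer policy."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, referrerpolicy or None, sends_version)

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        a = {k: (v or "") for k, v in attrs}
        # The target may be a literal href or an expression in tal:attributes.
        target = a.get("href", "") + " " + a.get("tal:attributes", "")
        if DOCS_HOST not in target:
            return
        policy = a.get("referrerpolicy", "").strip().lower() or None
        self.findings.append((self.getpos()[0], policy, "roundup_version" in target))

def audit(template_text):
    parser = DocsLinkAudit()
    parser.feed(template_text)
    parser.close()
    return parser.findings

def leaks_referer(template_text):
    """Line numbers of docs links that lack referrerpolicy="no-referrer"."""
    return [line for line, policy, _ in audit(template_text) if policy != "no-referrer"]

if __name__ == "__main__":
    for name, text in (("old", OLD_TEMPLATE), ("new", NEW_TEMPLATE)):
        print(name, audit(text), "leaking lines:", leaks_referer(text))
```
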
History
Date User Action Args
2023-10-24 02:26:32 rouilj create