-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
URL shortening / anonymising #4161
Comments
a solution: bridges can have private config |
@NotsoanoNimus Legend! |
@NotsoanoNimus what happened with the PR? I was just about to clone your repository :( |
Howdy, sorry about the confusion. If you're looking for this feature, you can pull from my divergent fork of this project. It has URL encryption/masking built in, but still left as an optional feature to enable. |
I was just looking at the PR before I noticed it was closed by its author. However, a part of me thinks generally encrypting the URL is against the spirit of this project, as it prevents users modifying the parameters. In the meantime, supporting the protection of credentials in all bridges with the private config method is a good idea and I hope self-hosting is easy enough. |
@NotsoanoNimus: would it be possible for you to create a docker repo on docker hub? @Mynacol i think that its not only this project's spirit, but generally an OSS spirit to give users freedom of using software as they're pleased. But i believe that currently (and sorry i dont mean to attack anyone - rss-bridge is amazing piece of software and i appreciate every line of code in it!), the freedom of using rss-bridge is severly limited: I can either do an instance only for myself, or fully open the instance for everyone around the world - not only to access it, but to use it in any way they want. And that's only if i have unlimited bandwidth on my internet connection, because with fully public instance people may and probably will abuse it. There's not much in between. Not to mention using rss-bridge in a more professional environment" let's say i would like to host something on a corporate server, but someone will modify the url, generating a feed for some illegal content and share the link (to a company owned subdoimain) online. |
I like this solution. In addition to shortening the long URL from its multiple parameters, it will also encrypt the token password used to access the bridge (as it was discussed previously, using token over HTTP username and passwords are preferred by some as their feed reader does not support HTTP login). This will definitely save me the effort of rotating out my instance's token and updating my feed reader's RSS-Bridge feeds the next time someone hijacks a domain I have a bridge on. |
Do you use domains without owning them and people register them "behind your back"? Then you're clearly using domains wrong. Either register domains you use yourself or use special top-level domains that are standardized as "for local use". E.g. |
I have a Linode instance that is accessed via DuckDNS. |
@Dinth I have manually merged their feature into my own branch: https://github.com/mruac/mruac-rss-bridge/tree/add-url-encryption You may be able use the Dockerfile included with the repo - though I have not tested it with the feature yet. It's working if I self host it though. |
Is your feature request related to a problem? Please describe.
I would like to setup RSS bridge generating some feeds (for example from OpenCVE) for use at work. Unfortunately, currently the feeds generated by rss-bridge contain all the details (like access credentials to the third party) within the url, so adding the link to rss-bridge feed into some scripts at work would also require me to share my OpenCVE credentials with my workmates.
Additionally, it opens rss-bridge to abuse in such scenario, when someone can freely modify the feed url to use it for personal reasons or even potentially inject some code through GET method.
Currently OpenCVE is a problem, but also i had some more advanced uses of rss-bridge in mind which unfortunately i wont be able to do in the current form (as they wont be share'able).
Describe the solution you'd like
I think that the easiest solution would be adding an pseudo-"url shortening" functionality to rss-bridge. Each generated feed within rss-bridge could have an ID assigned (lets say five-six random characters) and going to <rss-bridge.domain>/ would allow accessing it. Such access could not require credentials, while accessing the main (admin) url, would.
Describe alternatives you've considered
I was not able to think about any other alternatives.
The text was updated successfully, but these errors were encountered: