CB Activity: Embedded URL are not working if OWN site is hidden behind login

3 years 3 months ago - 3 years 3 months ago #321563 by timstohr
Hi Kyle,
I have quite a funny bug/missing feature. My whole site is behind login apart from the CB Login page and the main page. Anyway, it is only usable if you login.

I have now the problem that the embedded links to my own site show up funny when I post it on my own cb activity. CB Activity streams can only be accessed by registered (as set in the CB Activity plugin configuration) and my own embedder spider cannot access a link to my own site (which is at the same level as the CB Activity plugin?

This has been bugging me for some time and would be great if you could solve it. There does not seem to be any reason why the embedder cannot simply use the same access as the CB Activity plugin no?

Please Log in to join the conversation.

3 years 3 months ago #321564 by krileon
The embedding does an HTTP request from the server, not the user, to the supplied URL to grab its metedata and verify the URL even exists. It does not pass any cookies with this request for security purposes. For it to do what you're wanting it would need to pass the login cookie state with the HTTP request, but only to on-site URLs. I'll consider implementing that in a future request, but it is not a priority as there's security issues possible here.

forge.joomlapolis.com/issues/8261


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

3 years 3 months ago #321566 by timstohr
Hi Kyle,
I understand it that it is not possible that soon. But maybe we could have a workaround?


Maybe we could have a setting at the backend configuration that it should NOT use the embedded links IF the URL leads to the own site?

I think that would be a good workaround for the moment no?

Kind regards,


Tim

Please Log in to join the conversation.

3 years 3 months ago #321568 by krileon
I'm not adding a new parameter to remove it later, sorry. Adding new parameters to streams is also a complex process involving over a dozen different locations as well. It should already be rejecting inaccessible URLs with "Please provide a valid link." if the URL does respond with a 200 response it will at least still share the link, but the user will have to supply the title/description if one can't be parsed.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

Moderators: beatnantkrileon
Time to create page: 0.192 seconds

Facebook Twitter LinkedIn