October 2013 - websites - Fedora Mailing-Lists

[Fedora Infrastructure] #3796: remove _csrf_token from display URLs

by fedora-badges

#3796: remove _csrf_token from display URLs --------------------------+----------------------------- Reporter: till | Owner: webmaster Type: enhancement | Status: new Priority: major | Milestone: HANDWAVY-FUTURE Component: Web Content | Version: Severity: Normal | Keywords: Blocked By: | Blocking: Sensitive: 0 | --------------------------+----------------------------- = problem = Several web-apps use a URL paramenter called _csrf_token to prevent CSRF attacks. This token is shown in the URL location bar in browsers and makes URLs ugly and might lead to people exposing their CSRF token in e-mails. = analysis = HTML5 allows to manipulate the contents of the URL location bar. = enhancement recommendation = Deploy JavaScript like {{{ new_url = window.location.href.replace(/_csrf_token=[0-9a-f]{40}/, "").replace(/(\?|&)$/, ""); history.replaceState({}, document.title, new_url); }}} to remove the CSRF token from URLs shown in Browsers. This code might be adjusted to work in all browsers, but it works at least in Firefox. Maybe a JavaScript expert can take a look. The only disadvantage of this method is that going back in the history will reload a page that requires to reload re-verify. But this might be solved by storing the CSRF token in the history state. Also it does not seem to cause really trouble. -- Ticket URL: <https://fedorahosted.org/fedora-infrastructure/ticket/3796> Fedora Infrastructure <http://fedoraproject.org/wiki/Infrastructure> Fedora Infrastructure Project for Bugs, feature requests and access to our source code.

10 years, 5 months

1
5
0 / 0

[fedora-websites] #235: Prepare webpages for F20 Beta release

by fedora-badges

#235: Prepare webpages for F20 Beta release -----------------------+----------------------- Reporter: robyduck | Owner: webmaster Type: task | Status: new Priority: critical | Milestone: ASAP Component: General | Keywords: Blocked By: | Blocking: -----------------------+----------------------- Beta branch has been created, banner added and state globalvar set. Beta release process can be seen at \\ http://infrastructure.fedoraproject.org/infra/docs/fedorawebsites.txt Still have to start working really on it: * add countdown banners * modify release counter * add checksums * Desktop Spins now are under the live/ dir * check all the DL links and docs * check Cloud script for beta AMI IDs and add the IDs * ARM: verify shipped beta images Should be all going smooth this time, most of the scripting work has been done already for Alpha release (thx shaiton). -- Ticket URL: <https://fedorahosted.org/fedora-websites/ticket/235> fedora-websites <https://fedoraproject.org/wiki/Websites> Fedora Website Team's Trac instance

10 years, 5 months

1
7
0 / 0

[fedora-websites] #236: make prominent verify checksums under the DL splashscreen

by fedora-badges

#236: make prominent verify checksums under the DL splashscreen --------------------------+----------------------- Reporter: shaiton | Owner: webmaster Type: enhancement | Status: new Priority: major | Milestone: Fedora 20 Component: General | Keywords: checksum Blocked By: | Blocking: --------------------------+----------------------- We now have *a lot* of checksums at the verify page. I can think of 2 solutions: - directly link the right checksum on the splashscreen (how to parse it correctly?) - link to the verify page passing through the DL target in order to highlight the right case on the verify table Solution #2 might be the easiest. -- Ticket URL: <https://fedorahosted.org/fedora-websites/ticket/236> fedora-websites <https://fedoraproject.org/wiki/Websites> Fedora Website Team's Trac instance

10 years, 6 months

1
1
0 / 0

[fedora-websites] #222: rfe: make amazon ec2 click-to-launch link a local redirect so we can see how many times it's clicked

by fedora-badges

#222: rfe: make amazon ec2 click-to-launch link a local redirect so we can see how many times it's clicked --------------------------+----------------------- Reporter: mattdm | Owner: webmaster Type: enhancement | Status: new Priority: minor | Milestone: Component: get.fp.o | Keywords: Blocked By: | Blocking: --------------------------+----------------------- I kind of said it all in the subject there. :) The EC2 link is currently directly to amazon. It would be nice to get a basic idea of how often it's actually used, which we can't currently. -- Ticket URL: <https://fedorahosted.org/fedora-websites/ticket/222> fedora-websites <https://fedoraproject.org/wiki/Websites> Fedora Website Team's Trac instance

10 years, 6 months

1
2
0 / 0

Joining the group

by Nicholas Blair

Hello my name is Nick aka wintermute I was wondering if I would be allow to join your group if possible. I have some web experience in PHP,HTML and CSS if there are other skills required I can definitely learn them and apply to the team.

10 years, 6 months

2
1
0 / 0

No funciona link

by José Contreras González

no funciona el link ftp://ftp.fi-b.unam.mx/fedora/linux/releases/19/Live/x86_64/Fedora-Live-Desktop-x86_64-19-1.iso Enviado con Correo de Windows

10 years, 6 months

2
1
0 / 0

bug found on website

by Ray Mellon

I found a bug on a link through http://fedoraproject.org/en/using/ clicking on the like for Hamster, lines 197, 198, 199, 200, 201 in the web page source code, sends you to this page: http://gnomejournal.org/article/73/tracking-your-time-with-project-hamster which appears not to be there. Thanks, Rhiannon

10 years, 6 months

2
1
0 / 0

Fedora 19 KDE website error

by Shay Maor

To whom it may concern, I'd like to first off preface by saying I love fedora and am honored to be given the opportunity to use it on a daily basis given the obvious attention to detail that went into its development. I would like to state however that the link on KDE's downloader is incorrect and currently directs to fedora jam. http://spins.fedoraproject.org/kde/#home It should be: http://torrent.fedoraproject.org/torrents/Fedora-Live-KDE-x86_64-19.torrent It currently is: http://torrent.fedoraproject.org/torrents/Fedora-Live-Jam-KDE-x86_64-19.t... Thank you for taking the time to read this message. Best Regards, Shay Maor

10 years, 6 months

2
1
0 / 0

FirewallD Wiki Typo

by Timothy Curchod

Hi, I noticed a typo on you page: http://fedoraproject.org/wiki/FirewallD In the part about Masquerading, it says: "The addresses of a private network a mapped to and hidden behind a public IP address."I believe it should say:"The addresses of a private network are mapped to and hidden behind a public IP address." Just thought I'd let you know. T. Curchod.

10 years, 6 months

2
1
0 / 0

Tutorial promoted on website is out of date, doesn't work

by Steve Harclerode

One of the top tutorials shown on http://fedoraproject.org/en/using/ -- the one here: http://fedoraproject.org/en/using/tutorials/launcher.html does not work on the standard install of Fedora 19. I believe the tutorial is outdated. It says that I should: 1. Right-click on an empty area of your desktop. 2. Click on the *Create Launcher* item in the desktop right-click menu. But right-clicking on the desktop, I only have options of "Settings" or "Change Background"

10 years, 6 months

4
4
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

websites October 2013