[fedora-websites] #210: Should we re-organize download pages?
by fedora-badges
#210: Should we re-organize download pages?
--------------------------+-----------------------
Reporter: robyduck | Owner: webmaster
Type: enhancement | Status: new
Priority: major | Milestone:
Component: get.fp.o | Keywords:
Blocked By: | Blocking:
--------------------------+-----------------------
Our actual download pages are still remanends from older methods of
shipping Fedora. We had 6 or 7 CDs, spins and some netinstall CDs, but now
the arches and formats are much more and we are creating confusion. This
leads to misunderstandings and we are also not able to promote all the
arches the right way.
Actually we have 4 download pages on fp.o:
* get-fedora
* get-fedora-options
* get-fedora-all
* get-prerelease
and we have also http://spins.fedoraproject.org
My thought would be to:
* Drop the get-fedora-all page completely
* Avoid any kind of duplicates, i.e. some spins (the major ones) are
available on 2 or 3 pages. All spins should reside on spins.fp.o!
* Use the get-fedora page to promote all the shipping methods
The clearest method to do so IMHO would be to drop also the right random
banners we have on the sidebar (Desktop, 2nd-arches, Cloud, Spins) and to
put them into the get-fedora page.\\
They should link to the tabs in get-fedora-options or to our spins page
and give users a clear idea of what is available.\\
Same for get-pre-release: it would be easy to promote on the get-fedora
page, and we could also advertise it better on our main page.
If I can find some time after F19 GA I could give it a try, but if you
have concerns or ideas please let me know and comment.
--
Ticket URL: <https://fedorahosted.org/fedora-websites/ticket/210>
fedora-websites <https://fedoraproject.org/wiki/Websites>
Fedora Website Team's Trac instance
10 years, 4 months
[Fedora Infrastructure] #3796: remove _csrf_token from display URLs
by fedora-badges
#3796: remove _csrf_token from display URLs
--------------------------+-----------------------------
Reporter: till | Owner: webmaster
Type: enhancement | Status: new
Priority: major | Milestone: HANDWAVY-FUTURE
Component: Web Content | Version:
Severity: Normal | Keywords:
Blocked By: | Blocking:
Sensitive: 0 |
--------------------------+-----------------------------
= problem =
Several web-apps use a URL paramenter called _csrf_token to prevent CSRF
attacks. This token is shown in the URL location bar in browsers and makes
URLs ugly and might lead to people exposing their CSRF token in e-mails.
= analysis =
HTML5 allows to manipulate the contents of the URL location bar.
= enhancement recommendation =
Deploy JavaScript like
{{{
new_url = window.location.href.replace(/_csrf_token=[0-9a-f]{40}/,
"").replace(/(\?|&)$/, "");
history.replaceState({}, document.title, new_url);
}}}
to remove the CSRF token from URLs shown in Browsers.
This code might be adjusted to work in all browsers, but it works at least
in Firefox. Maybe a JavaScript expert can take a look. The only
disadvantage of this method is that going back in the history will reload
a page that requires to reload re-verify. But this might be solved by
storing the CSRF token in the history state. Also it does not seem to
cause really trouble.
--
Ticket URL: <https://fedorahosted.org/fedora-infrastructure/ticket/3796>
Fedora Infrastructure <http://fedoraproject.org/wiki/Infrastructure>
Fedora Infrastructure Project for Bugs, feature requests and access to our source code.
10 years, 4 months
[fedora-websites] #197: Should we create a schedule static page
by fedora-badges
#197: Should we create a schedule static page
--------------------------+-----------------------
Reporter: shaiton | Owner: webmaster
Type: enhancement | Status: new
Priority: major | Milestone:
Component: General | Keywords:
Blocked By: | Blocking:
--------------------------+-----------------------
There is no easy way to know when our next Fedora will be released.
People should look for the right wiki page, and there could be frequent
updates.
I propose to design a simple page containing the main schedules (Alpha,
Beta and GA releases).
The data would be taken from the online official schedule (parsing as XML
I think). This would be shared by ou main fpo websites (for the countdown
banner..)
The content would be in fpo/get-prerelease and on a secondary page like
schedule.fpo? or just fpo/schedule?
--
Ticket URL: <https://fedorahosted.org/fedora-websites/ticket/197>
fedora-websites <https://fedoraproject.org/wiki/Websites>
Fedora Website Team's Trac instance
10 years, 5 months