Accessing private links in RSS feeds without being logged in #845
Comments
|
Unfortunately, that's not possible yet. It's related to #475 (the thread isn't really relevant). |
Relates to shaarli#845 Relates to shaarli#846 Relates to shaarli#909 Signed-off-by: VirtualTam <[email protected]>
|
I have an almost working PR ready to share private bookmarks by URL (#475) but I'm slightly torn about this issue:
I'd like to have more opinions about that. |
Yes. The key could be unique to each share. But then comes the problem of how it is generated, stored... Edit: some tools assume this is fine. For example tt-rss has a feature that generates a private feed from bookmarked items, this feed is only protected by a single secret key in URL parameters. So this might be ok with a proper warning.
Why not?
Then for this specific use case, why not put Shaarli behind HTTP Basic authentication? TT-RSS supports authenticating to feeds in this way. See #802 and #1189 (where you can find a PoC for basic auth in apache, with some problems - overides some default |
You actually gave me an idea. It's apparently possible to request an HTTP authentication from PHP. What if we just triggered that to display the private ATOM feed? For the record, I use FreshRSS which also seems to support HTTP Basic auth. |
I've created a Shaarli instance recently and it's all going smoothly!
Currently the generated feeds (for instance
/?do=rss&searchtags=toread) display private links if the user is currently logged in and public links.Is there a way to include private links if the user is not logged in?
The first obvious idea that comes to mind would be to use random private keys (
/?do=rss&searchtags=toread&key=rfyugbinuyhinjkljhgfbdv).My use case is to have my Tiny Tiny RSS instance to subscribe to my Shaarli feeds (all my links on Shaarli are private).
Thanks!
The text was updated successfully, but these errors were encountered: