modules/web/templates/adblockplus.org.conf.erb - Issue 29596592: #4846 - Redirect non-matched requests to new redirects service

Side by Side Diff: modules/web/templates/adblockplus.org.conf.erb

Issue 29596592: #4846 - Redirect non-matched requests to new redirects service (Closed) Base URL: https://hg1/infrastructure

Patch Set: Created Nov. 3, 2017, 10:17 a.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View unified diff | Download patch

OLD	NEW
1 # XSS and clickjacking prevention headers	1 # XSS and clickjacking prevention headers

2	2

3 set $csp_frame "";	3 set $csp_frame "";

4 if ($uri ~ ^/(:?\w\w(_\w\w)?/)?(?:index\|firefox\|chrome\|opera\|android\|internet-ex plorer\|safari\|yandex-browser\|maxthon)?$\|^/blog/)	4 if ($uri ~ ^/(:?\w\w(_\w\w)?/)?(?:index\|firefox\|chrome\|opera\|android\|internet-ex plorer\|safari\|yandex-browser\|maxthon)?$\|^/blog/)

5 {	5 {

6 set $csp_frame "; frame-src www.youtube-nocookie.com;";	6 set $csp_frame "; frame-src www.youtube-nocookie.com;";

7 }	7 }

8 add_header Content-Security-Policy "default-src 'self'; img-src * data:; style-s rc 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' $csp_ frame";	8 add_header Content-Security-Policy "default-src 'self'; img-src * data:; style-s rc 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' $csp_ frame";

9 add_header X-Frame-Options "sameorigin";	9 add_header X-Frame-Options "sameorigin";

10	10

(...skipping 336 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
347 set $link "contributors";	347 set $link "contributors";

348 }	348 }

349 if ($arg_link = "whitelist")	349 if ($arg_link = "whitelist")

350 {	350 {

351 set $link "faq_basics";	351 set $link "faq_basics";

352 set $anchor "#disable";	352 set $anchor "#disable";

353 }	353 }

354	354

355 if ($link = "")	355 if ($link = "")

356 {	356 {

357 return 404;	357 # If there is no match in the legacy redirects, let the new redirect service handle it:

	358 rewrite ^ $scheme://adblockplus.to/$arg_link/legacy_redirect redirect;
	mathias 2017/11/03 12:38:13 I do not like the `/legacy_redirect` part. It look I do not like the `/legacy_redirect` part. It looks like unnecessary CO2 production to me. Why should `adblockplus.org/redirect?link=foobar` not redirect to `adblockplus.to/foobar`? If we find that it makes sense to designate the heritage in similar fashion after all (which I am not convinced of, but for the sake of argument), I would suggest something that avoids the bytes which do not transport information (`_redirect`) and in general put the classification first (`adblockplus.to/legacy/$arg_link`). f.nicolaisen 2017/11/03 12:54:04 My idea was that this would be valuable for tracki Show quoted text On 2017/11/03 12:38:13, mathias wrote: > I do not like the `/legacy_redirect` part. It looks like unnecessary CO2 > production to me. Why should `adblockplus.org/redirect?link=foobar` not redirect > to `adblockplus.to/foobar`? My idea was that this would be valuable for tracking usage before eventually sunsetting the old redirect endpoint. This way we can use the new stats produced for eyeo.to to track how much the old redirects are being used (and from where they come). Show quoted text > If we find that it makes sense to designate the heritage in similar fashion > after all (which I am not convinced of, but for the sake of argument), I would > suggest something that avoids the bytes which do not transport information > (`_redirect`) and in general put the classification first > (`adblockplus.to/legacy/$arg_link`). Would that still be forward-compatible with using the new redirects URLs? As an example, from #4687, I need this URL for whatever legacy reasons: adblockplus.org/redirect?link=privacy_friendly_ads However, I also want to start using the new, nicer URL: adblockplus.to/privacy_friendly_ads This would require a single entry in the eyeo.to hiera data (given this patch), and I get a nice URL to share around, which makes it easier to convince developers that they should use the new redirect service as well. If we would require the /legacy/ classification, I would get the uglier adblockplus.to/legacy/privacy_friendly_ads URL, and/or I would have to add a second hiera entry for the "modern" redirect adblockplus.to/privacy_friendly_ads. Unless I'm misunderstanding.. f.nicolaisen 2017/11/03 13:23:41 Addressed this in PS2. Show quoted text On 2017/11/03 12:38:13, mathias wrote: > ... > I would > suggest something that avoids the bytes which do not transport information > (`_redirect`) Addressed this in PS2.
358 }	359 }

359	360

360 if (!-f "$document_root/$lang/$link")	361 if (!-f "$document_root/$lang/$link")

361 {	362 {

362 set $lang "!!";	363 set $lang "!!";

363 }	364 }

364 set $langtest "$arg_lang $lang";	365 set $langtest "$arg_lang $lang";

365 if ($langtest ~ "^(\w+)-(\w+) !!")	366 if ($langtest ~ "^(\w+)-(\w+) !!")

366 {	367 {

367 set $lang "$1_$2";	368 set $lang "$1_$2";

(...skipping 61 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
429 location /403.html	430 location /403.html

430 {	431 {

431 try_files $uri @proxied;	432 try_files $uri @proxied;

432 }	433 }

433 location @proxied	434 location @proxied

434 {	435 {

435 proxy_pass https://server16.adblockplus.org;	436 proxy_pass https://server16.adblockplus.org;

436 proxy_set_header Host adblockplus.org;	437 proxy_set_header Host adblockplus.org;

437 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;	438 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

438 }	439 }

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »