modules/web/templates/adblockplus.org.conf.erb - Issue 29596592: #4846 - Redirect non-matched requests to new redirects service

Delta Between Two Patch Sets: modules/web/templates/adblockplus.org.conf.erb

Issue 29596592: #4846 - Redirect non-matched requests to new redirects service (Closed) Base URL: https://hg1/infrastructure

Left Patch Set: Created Nov. 3, 2017, 10:17 a.m.

Right Patch Set: leave out transport information Created Nov. 3, 2017, 1:22 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

Left: Side by side diff | Download
Right: Side by side diff | Download

LEFT	RIGHT
1 # XSS and clickjacking prevention headers	1 # XSS and clickjacking prevention headers

2	2

3 set $csp_frame "";	3 set $csp_frame "";

4 if ($uri ~ ^/(:?\w\w(_\w\w)?/)?(?:index\|firefox\|chrome\|opera\|android\|internet-ex plorer\|safari\|yandex-browser\|maxthon)?$\|^/blog/)	4 if ($uri ~ ^/(:?\w\w(_\w\w)?/)?(?:index\|firefox\|chrome\|opera\|android\|internet-ex plorer\|safari\|yandex-browser\|maxthon)?$\|^/blog/)

5 {	5 {

6 set $csp_frame "; frame-src www.youtube-nocookie.com;";	6 set $csp_frame "; frame-src www.youtube-nocookie.com;";

7 }	7 }

8 add_header Content-Security-Policy "default-src 'self'; img-src * data:; style-s rc 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' $csp_ frame";	8 add_header Content-Security-Policy "default-src 'self'; img-src * data:; style-s rc 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' $csp_ frame";

9 add_header X-Frame-Options "sameorigin";	9 add_header X-Frame-Options "sameorigin";

10	10

(...skipping 337 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
348 }	348 }

349 if ($arg_link = "whitelist")	349 if ($arg_link = "whitelist")

350 {	350 {

351 set $link "faq_basics";	351 set $link "faq_basics";

352 set $anchor "#disable";	352 set $anchor "#disable";

353 }	353 }

354	354

355 if ($link = "")	355 if ($link = "")

356 {	356 {

357 # If there is no match in the legacy redirects, let the new redirect service handle it:	357 # If there is no match in the legacy redirects, let the new redirect service handle it:

358 rewrite ^ $scheme://adblockplus.to/$arg_link/legacy_redirect redirect;	358 rewrite ^ $scheme://adblockplus.to/$arg_link/legacy redirect;
mathias 2017/11/03 12:38:13 I do not like the `/legacy_redirect` part. It look I do not like the `/legacy_redirect` part. It looks like unnecessary CO2 production to me. Why should `adblockplus.org/redirect?link=foobar` not redirect to `adblockplus.to/foobar`? If we find that it makes sense to designate the heritage in similar fashion after all (which I am not convinced of, but for the sake of argument), I would suggest something that avoids the bytes which do not transport information (`_redirect`) and in general put the classification first (`adblockplus.to/legacy/$arg_link`). f.nicolaisen 2017/11/03 12:54:04 My idea was that this would be valuable for tracki Show quoted text On 2017/11/03 12:38:13, mathias wrote: > I do not like the `/legacy_redirect` part. It looks like unnecessary CO2 > production to me. Why should `adblockplus.org/redirect?link=foobar` not redirect > to `adblockplus.to/foobar`? My idea was that this would be valuable for tracking usage before eventually sunsetting the old redirect endpoint. This way we can use the new stats produced for eyeo.to to track how much the old redirects are being used (and from where they come). Show quoted text > If we find that it makes sense to designate the heritage in similar fashion > after all (which I am not convinced of, but for the sake of argument), I would > suggest something that avoids the bytes which do not transport information > (`_redirect`) and in general put the classification first > (`adblockplus.to/legacy/$arg_link`). Would that still be forward-compatible with using the new redirects URLs? As an example, from #4687, I need this URL for whatever legacy reasons: adblockplus.org/redirect?link=privacy_friendly_ads However, I also want to start using the new, nicer URL: adblockplus.to/privacy_friendly_ads This would require a single entry in the eyeo.to hiera data (given this patch), and I get a nice URL to share around, which makes it easier to convince developers that they should use the new redirect service as well. If we would require the /legacy/ classification, I would get the uglier adblockplus.to/legacy/privacy_friendly_ads URL, and/or I would have to add a second hiera entry for the "modern" redirect adblockplus.to/privacy_friendly_ads. Unless I'm misunderstanding.. f.nicolaisen 2017/11/03 13:23:41 Addressed this in PS2. Show quoted text On 2017/11/03 12:38:13, mathias wrote: > ... > I would > suggest something that avoids the bytes which do not transport information > (`_redirect`) Addressed this in PS2.
359 }	359 }

360	360

361 if (!-f "$document_root/$lang/$link")	361 if (!-f "$document_root/$lang/$link")

362 {	362 {

363 set $lang "!!";	363 set $lang "!!";

364 }	364 }

365 set $langtest "$arg_lang $lang";	365 set $langtest "$arg_lang $lang";

366 if ($langtest ~ "^(\w+)-(\w+) !!")	366 if ($langtest ~ "^(\w+)-(\w+) !!")

367 {	367 {

368 set $lang "$1_$2";	368 set $lang "$1_$2";

(...skipping 61 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
430 location /403.html	430 location /403.html

431 {	431 {

432 try_files $uri @proxied;	432 try_files $uri @proxied;

433 }	433 }

434 location @proxied	434 location @proxied

435 {	435 {

436 proxy_pass https://server16.adblockplus.org;	436 proxy_pass https://server16.adblockplus.org;

437 proxy_set_header Host adblockplus.org;	437 proxy_set_header Host adblockplus.org;

438 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;	438 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

439 }	439 }

LEFT	RIGHT