The analytics tools are not showing referral traffic due to no-referer #2900

Closed
JohnNiang opened this issue Dec 9, 2022 · 3 comments · Fixed by #2972

@JohnNiang
Member

What version of Halo has the issue?

2.0.1

What database are you using?

H2

What is your deployment method?

Docker

Your site address.

No response

What happened?

Please see the response header of index page:

```diff
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: text/html
Content-Language: en-US
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0
+ Referrer-Policy: no-referrer
content-encoding: gzip
content-length: 4069
```

I suggest separating API authentication and other authentications. This allows us to adapt different strategies for different endpoints.

Relevant log output

No response

Additional information

/kind imporvement
/area core

@f2c-ci-robot f2c-ci-robot bot added the area/core Issues or PRs related to the Halo Core label Dec 9, 2022
@f2c-ci-robot

f2c-ci-robot bot commented Dec 9, 2022

@JohnNiang: The label(s) kind/imporvement cannot be applied, because the repository doesn't have them.


@JohnNiang JohnNiang added the kind/improvement Categorizes issue or PR as related to a improvement. label Dec 9, 2022
@JohnNiang
Member Author

/milestone 2.1.x

@f2c-ci-robot f2c-ci-robot bot added this to the 2.1.x milestone Dec 9, 2022
@JohnNiang
Member Author

/assign

f2c-ci-robot bot pushed a commit that referenced this issue Dec 16, 2022
#### What type of PR is this?

/kind improvement
/area core

#### What this PR does / why we need it:

This PR separates security configuration of RESTful APIs and portal pages to configure specific headers for portal pages, such as `Referrer-Policy` and `X-Frame-Options`.

#### Which issue(s) this PR fixes:

Fixes #2900

#### Special notes for your reviewer:

You can see the response headers of index page:

```diff
HTTP/1.1 200 OK
Content-Type: text/html
Content-Language: en-US
+ X-Content-Type-Options: nosniff
+ X-Frame-Options: SAMEORIGIN
+ X-XSS-Protection: 0
+ Referrer-Policy: strict-origin-when-cross-origin
content-encoding: gzip
content-length: 4285
```

and request headers with `Referer`:
```diff
GET / HTTP/1.1
Host: localhost:8090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
+ Referer: http://localhost:8090/archives/12341234
Connection: keep-alive
Cookie: _ga_Z907HJBP8W=GS1.1.1670164888.1.1.1670165603.0.0.0; _ga=GA1.1.807839437.1670164889; SESSION=539e060e-c11e-4b6d-a749-882905b30a88; XSRF-TOKEN=4b692b55-638c-4497-8a4b-be00986eda90
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
```

#### Does this PR introduce a user-facing change?

```release-note
Fix the issue where analytics tools could not display the referer
```
@ruibaby ruibaby modified the milestones: 2.1.x, 2.1.0 Dec 19, 2022