Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#5944 closed change (fixed)

Introduce sitescripts.reports.web.resolveReport handler

Reported by: matze Assignee: kvas
Priority: P3 Milestone:
Module: Sitescripts Keywords:
Cc: Blocked By:
Blocking: Platform: Unknown / Cross platform
Ready: yes Confidential: no
Tester: Unknown Verified working: no
Review URL(s):

https://codereview.adblockplus.org/29584613/

Description

... to accept encrypted guid values, decrypt them, and redirect to the volatile, original report, if still available, e.g.

GET /resolveReport/nQLtNSgZDgffX2C7,Qn4UyBEVZQqUnxj8mTiviOkyHSezUJNN/X7O2zfx9/TDWbYSistlhACGNd3m1ScdERLJQg== HTTP/1.1
Host: reports.adblockplus.org
HTTP/1.1 302 FOUND
Location: https://reports.adblockplus.org/digest/b418ffa6-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The idea is to implement this logic as a WSGI handler (analogous to the other ones in []sitescripts.reports.web) and apply access-control in the surrounding HTTPd layer, so that between the above request and response example there would be an HTTP auth challenge (via HTTPS) when redirecting for the first time in the current browser session.

This should allow for i.e. data dashboards to link to the original data records despite their anonymization, whilst also providing sufficient access control.

Change History (3)

comment:1 Changed 2 years ago by abpbot

comment:2 Changed 2 years ago by kvas

  • Resolution set to fixed
  • Status changed from new to closed

comment:3 Changed 2 years ago by trev

For reference, the correct URL would be https://reports.adblockplus.org/b418ffa6-xxxx-xxxx-xxxx-xxxxxxxxxxxx - this is not a digest.

Note: See TracTickets for help on using tickets.