depau
/
HackMD
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Respect DNT header 

Do Not Track (DNT) is an old web standard in order to notify pages that
the user doesn't want to be tracked. Even while a lot of pages either
ignore this header or even worse, use it for tracking purposes, the
orignal intention of this header is good and should be adopted.

This patch implements a respect of the DNT header by no longer including
the optional Google Analytics and disqus integrations when sending a DNT
header. This should reduce outside resource usage and help to stay more
private.

This should later-on extended towards other document content (i.e.
iframe based content).

The reason to not change the CDN handling is that CDNs will be
deprecated with next release and removed in long term.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
Sheogorath 2019-06-08 23:33:34 +02:00
parent 6462968e84
commit da4665c759
No known key found for this signature in database
GPG Key ID: 1F05CC3635CDDFFD
4 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/response.js
View File

@ -226,7 +226,8 @@ function showPublishNote (req, res, next) {
robots: meta.robots || false, // default allow robots robots: meta.robots || false, // default allow robots
GA: meta.GA, GA: meta.GA,
disqus: meta.disqus, disqus: meta.disqus,
cspNonce: res.locals.nonce cspNonce: res.locals.nonce,
dnt: req.headers.dnt
} }
return renderPublish(data, res) return renderPublish(data, res)
}).catch(function (err) { }).catch(function (err) {
@ -608,7 +609,8 @@ function showPublishSlide (req, res, next) {
robots: meta.robots || false, // default allow robots robots: meta.robots || false, // default allow robots
GA: meta.GA, GA: meta.GA,
disqus: meta.disqus, disqus: meta.disqus,
cspNonce: res.locals.nonce cspNonce: res.locals.nonce,
dnt: req.headers.dnt
} }
return renderPublishSlide(data, res) return renderPublishSlide(data, res)
}).catch(function (err) { }).catch(function (err) {

2
public/views/pretty.ejs
View File

@ -63,7 +63,7 @@
</div> </div>
</div> </div>
<div id="ui-toc-affix" class="ui-affix-toc ui-toc-dropdown unselectable hidden-print" data-spy="affix" style="display:none;"></div> <div id="ui-toc-affix" class="ui-affix-toc ui-toc-dropdown unselectable hidden-print" data-spy="affix" style="display:none;"></div>
<% if(typeof disqus !== 'undefined' && disqus) { %> <% if(typeof disqus !== 'undefined' && disqus && !dnt) { %>
<div class="container-fluid" style="max-width: 758px; margin-bottom: 40px;"> <div class="container-fluid" style="max-width: 758px; margin-bottom: 40px;">
<%- include shared/disqus %> <%- include shared/disqus %>
</div> </div>

2
public/views/shared/ga.ejs
View File

@ -1,4 +1,4 @@
<% if(typeof GA !== 'undefined' && GA) { %> <% if(typeof GA !== 'undefined' && GA && !dnt) { %>
<script nonce="<%= cspNonce %>"> <script nonce="<%= cspNonce %>">
(function (i, s, o, g, r, a, m) { (function (i, s, o, g, r, a, m) {
i['GoogleAnalyticsObject'] = r; i['GoogleAnalyticsObject'] = r;

2
public/views/slide.ejs
View File

@ -78,7 +78,7 @@
<% } %> <% } %>
</small> </small>
</div> </div>
<% if(typeof disqus !== 'undefined' && disqus) { %> <% if(typeof disqus !== 'undefined' && disqus && !dnt) { %>
<div class="slides-disqus"> <div class="slides-disqus">
<%- include shared/disqus %> <%- include shared/disqus %>
</div> </div>