From da4665c7590616dd3d17baf4488006dac98eeee4 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sat, 8 Jun 2019 23:33:34 +0200
Subject: [PATCH] Respect DNT header

Do Not Track (DNT) is an old web standard in order to notify pages that
the user doesn't want to be tracked. Even while a lot of pages either
ignore this header or even worse, use it for tracking purposes, the
orignal intention of this header is good and should be adopted.

This patch implements a respect of the DNT header by no longer including
the optional Google Analytics and disqus integrations when sending a DNT
header. This should reduce outside resource usage and help to stay more
private.

This should later-on extended towards other document content (i.e.
iframe based content).

The reason to not change the CDN handling is that CDNs will be
deprecated with next release and removed in long term.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
---
 lib/response.js            | 6 ++++--
 public/views/pretty.ejs    | 2 +-
 public/views/shared/ga.ejs | 2 +-
 public/views/slide.ejs     | 2 +-
 4 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/response.js b/lib/response.js
index dd33e42..1313f9f 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -226,7 +226,8 @@ function showPublishNote (req, res, next) {
         robots: meta.robots || false, // default allow robots
         GA: meta.GA,
         disqus: meta.disqus,
-        cspNonce: res.locals.nonce
+        cspNonce: res.locals.nonce,
+        dnt: req.headers.dnt
       }
       return renderPublish(data, res)
     }).catch(function (err) {
@@ -608,7 +609,8 @@ function showPublishSlide (req, res, next) {
         robots: meta.robots || false, // default allow robots
         GA: meta.GA,
         disqus: meta.disqus,
-        cspNonce: res.locals.nonce
+        cspNonce: res.locals.nonce,
+        dnt: req.headers.dnt
       }
       return renderPublishSlide(data, res)
     }).catch(function (err) {
diff --git a/public/views/pretty.ejs b/public/views/pretty.ejs
index 9604d42..1970ab2 100644
--- a/public/views/pretty.ejs
+++ b/public/views/pretty.ejs
@@ -63,7 +63,7 @@
         </div>
     </div>
     <div id="ui-toc-affix" class="ui-affix-toc ui-toc-dropdown unselectable hidden-print" data-spy="affix" style="display:none;"></div>
-    <% if(typeof disqus !== 'undefined' && disqus) { %>
+    <% if(typeof disqus !== 'undefined' && disqus && !dnt) { %>
     <div class="container-fluid" style="max-width: 758px; margin-bottom: 40px;">
         <%- include shared/disqus %>
     </div>
diff --git a/public/views/shared/ga.ejs b/public/views/shared/ga.ejs
index 27abb74..f6b807f 100644
--- a/public/views/shared/ga.ejs
+++ b/public/views/shared/ga.ejs
@@ -1,4 +1,4 @@
-<% if(typeof GA !== 'undefined' && GA) { %>
+<% if(typeof GA !== 'undefined' && GA && !dnt) { %>
 <script nonce="<%= cspNonce %>">
 (function (i, s, o, g, r, a, m) {
     i['GoogleAnalyticsObject'] = r;
diff --git a/public/views/slide.ejs b/public/views/slide.ejs
index ff4be9e..3331b85 100644
--- a/public/views/slide.ejs
+++ b/public/views/slide.ejs
@@ -78,7 +78,7 @@
                         <% } %>
                     </small>
                 </div>
-                <% if(typeof disqus !== 'undefined' && disqus) { %>
+                <% if(typeof disqus !== 'undefined' && disqus && !dnt) { %>
                 <div class="slides-disqus">
                     <%- include shared/disqus %>
                 </div>