diff options
| author | Magnus Hagander | 2025-06-16 08:44:01 +0000 |
|---|---|---|
| committer | Magnus Hagander | 2025-06-16 09:16:21 +0000 |
| commit | 616a02a79fa2bf4804adf5b73bf94c55343bc6df (patch) | |
| tree | d8af7354d23d6affaa003a07e09e9f8b4d638537 | |
| parent | 8323c9dd4895694df4070d13ae14dc9f7dcdd34d (diff) | |
Make antispam-protected links also be javascript-triggered
This makes a tiny javascript run to convert it into a POST and then
receive that POST. The idea behind this is to remove the links from view
of crawlers (hello AI bots!) that completely ignore robots.txt, causing
lots of redirect chains on account of logins.
We still allow GET requests on those endpoints, as there are external
links pointing to them as well as people having scripts. But those are
at least to fewer emails than all.
| -rw-r--r-- | django/archives/mailarchives/templates/_message.html | 6 | ||||
| -rw-r--r-- | django/archives/mailarchives/templates/message.html | 1 | ||||
| -rw-r--r-- | django/archives/mailarchives/templates/message_flat.html | 1 | ||||
| -rw-r--r-- | django/archives/mailarchives/templates/message_resend.html | 1 | ||||
| -rw-r--r-- | django/archives/mailarchives/views.py | 3 | ||||
| -rw-r--r-- | django/media/js/main.js | 8 |
6 files changed, 17 insertions, 3 deletions
diff --git a/django/archives/mailarchives/templates/_message.html b/django/archives/mailarchives/templates/_message.html index c90a80a..b4f42af 100644 --- a/django/archives/mailarchives/templates/_message.html +++ b/django/archives/mailarchives/templates/_message.html @@ -30,10 +30,10 @@ <tr> <th class="align-middle" scope="row">Views:</th> <td> - <a href="/message-id/raw/{{msg.messageid|urlencode}}">Raw Message</a> | <a href="/message-id/flat/{{msg.messageid|urlencode}}">Whole Thread</a> | - <a href="/message-id/mbox/{{msg.messageid|urlencode}}">Download mbox</a> -{%if allow_resend %}| <a href="/message-id/resend/{{msg.messageid|urlencode}}">Resend email</a>{%endif%} + <a href="#" data-ref="/message-id/raw/{{msg.messageid|urlencode}}" class="post-link">Raw Message</a> | + <a href="#" data-ref="/message-id/mbox/{{msg.messageid|urlencode}}" class="post-link">Download mbox</a> +{%if allow_resend %} | <a href="#" data-ref="/message-id/resend/{{msg.messageid|urlencode}}" class="post-link">Resend email</a>{%endif%} </td> </tr> {% if not show_all %} diff --git a/django/archives/mailarchives/templates/message.html b/django/archives/mailarchives/templates/message.html index 3de6998..b099a03 100644 --- a/django/archives/mailarchives/templates/message.html +++ b/django/archives/mailarchives/templates/message.html @@ -6,4 +6,5 @@ <h1 class="subject">{{msg.subject}}</h1> {%endif%} {% include '_message.html' with msg=msg lists=lists %} +<form id="mail_other_options_form" method="post" action="/"></form> {%endblock%} diff --git a/django/archives/mailarchives/templates/message_flat.html b/django/archives/mailarchives/templates/message_flat.html index c0196af..ff4e105 100644 --- a/django/archives/mailarchives/templates/message_flat.html +++ b/django/archives/mailarchives/templates/message_flat.html @@ -23,4 +23,5 @@ <hr style="margin-bottom: 0.5rem;" /> {% endif %} {%endfor%} +<form id="mail_other_options_form" method="post" action="/"></form> {%endblock%} diff --git a/django/archives/mailarchives/templates/message_resend.html b/django/archives/mailarchives/templates/message_resend.html index 0485726..f964032 100644 --- a/django/archives/mailarchives/templates/message_resend.html +++ b/django/archives/mailarchives/templates/message_resend.html @@ -17,4 +17,5 @@ <h4>Message to resend</h4> {% include '_message.html' with msg=msg lists=lists show_all=True %} +<form id="mail_other_options_form" method="post" action="/"></form> {%endblock%} diff --git a/django/archives/mailarchives/views.py b/django/archives/mailarchives/views.py index 69172bd..1fc1a8a 100644 --- a/django/archives/mailarchives/views.py +++ b/django/archives/mailarchives/views.py @@ -547,6 +547,7 @@ def message_flat(request, msgid): return r +@csrf_exempt @nocache @antispam_auth def message_raw(request, msgid): @@ -606,6 +607,7 @@ def _build_mbox(query, params, msgid=None): return r +@csrf_exempt @nocache @antispam_auth def message_mbox(request, msgid): @@ -650,6 +652,7 @@ def mbox(request, listname, listname2, mboxyear, mboxmonth): @transaction.atomic +@csrf_exempt def resend(request, messageid): if not settings.ALLOW_RESEND: raise PermissionDenied("Access denied.") diff --git a/django/media/js/main.js b/django/media/js/main.js index 6e54b30..d25a86a 100644 --- a/django/media/js/main.js +++ b/django/media/js/main.js @@ -4,6 +4,14 @@ $(function(){ document.location.href = '/message-id/' + $(this).val(); }); + /* Callback for viewing protected versions */ + $('a.post-link').click(function(e) { + if ($(this).data('ref')) { + $('#mail_other_options_form').attr('action', $(this).data('ref')); + $('#mail_other_options_form').submit(); + } + }); + /* * For flat message view, redirect to the anchor of the messageid we're watching, |