[#38981] - RSS feed still available if it is disabled in menu item options
- Closed
- 22 Jun 2024
- Medium
- Build: 4.2-dev
- # 38981
There is a blog category called blog.
Edit menu item > Integration > RSS Feed Link > show
We can see RSS feed in HTML code at the frontend:
<link href="/index.php/blog?format=feed&type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0">
<link href="/index.php/blog?format=feed&type=atom" rel="alternate" type="application/atom+xml" title="Atom 1.0">
Then I disable RSS Feed Link parameter and no such lines appears in HTML.
BUT! If a user go to index.php/blog?format=feed&type=rss, the feed is still available.
Using typical URL prefix, it is possible to take news from each Joomla based site, if I am not wrong.
This is not good since it allows to grab content from other sites.
My proposal is to give 404 error if RSS Feed Link parameter is set to Hide.
If it is not possible, then maybe a little trick will help:
Param 'Include in Feed' - add NONE option and no content will be added.
Joomla 4.2.3
Votes
joomla-cms-bot
- | Labels |
Added:
No Code Attached Yet
|
||
Hackwar
- | Labels |
Added:
bug
|
||
Ok, let it be, as you said — this is a question of the right terminology.
Yes, a user can access to any content using some manipulation with the URL.
However, in case of RSS the problem is this approach gives a way to import the content from 3rd party resource via RSS link.
And maybe it would be better to make such restriction to block RS feed as a core Joomla feature?
On other hand, I can't say it is a critical problem, I just noticed this and decided to share the idea how to make J better with extra protection in case when a user does not want other persons to grab the content.
In order to grab the content you would have to know how to craft the url. For that person it would be trivial to scrape the html.
Hi Brian, I'm actually not really that happy about this non-solution. I'm tackling over 1000 404's right now caused by the Joomla RSS feeds. Not only does the RSS not get a 404, there is a faulty link construction in here somewhere. Images get urls like https://www.dolcevia.com/en//en/images/2023/Regionaal/campania/Ferry_Ischia.jpg and SEF component creates links in articles like Ischia shines in the shadow of Mount Vesuvius
This is quite damaging to my SEO. I've checked this on my other websites which have the same problems.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/38981.
Quy
- 
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2024-06-22 16:01:30 |
| Closed_By | ⇒ | Quy |
Hi there, Thanks for this update. Any reason why the images are still repeating the installation folder? And can i fix that myself? [https://www.dolcevia.com/nl/italie-reizen/agriturismo?format=feed&type=rss ]
The option says to hide or show the link and it does that correctly
So the question is "Should you be able to access the RSS feed for a menu item if the link is not shown?"
At first look it could be assumed that you should not be able to manually type a link to the rss feed for that menu item. However it is always possible in Joomla to display any piece of content (subject to acl) if you know what to type as the url completely bypassing any menu item restrictions.
So my 2c is that the description of this option accurately describes what it does and that your expectation is both incorrect. In addition your proposal would not always block access to an rss feed