Latest Posts

Topic: French forum unavailable from widelands.fr

kaputtnik
Avatar
Joined: 2013-02-18, 20:48
Posts: 2433
OS: Archlinux
Version: current master
Ranking
One Elder of Players
Location: Germany
Posted at: 2016-09-02, 20:16

After thinking about this over the day, i think we should leave it as it is. The Reason is quite simple: Since there is no possibility to allow only specific websites (f.e. widelands.fr) to display the forum in an iframe, we have no control about possible other websites doing it.

Vassili: Isn't it possible to use the Feeds for this? Latest posts feed on french forum, Latest Topics feed on french forum Don't know if clickjacking protection is used here also... if it is used we could disable it for the feeds (which should be safe, imho).


Fight simulator for Widelands:
https://wide-fighter.netlify.app/

Top Quote
Vassili
Avatar
Topic Opener
Joined: 2013-10-12, 19:19
Posts: 169
Ranking
At home in WL-forums
Location: France
Posted at: 2016-09-02, 20:24

The goal was to get french speaking people, to your already existing forum. Not to show an RSS.


Top Quote
freem

Joined: 2012-07-03, 08:25
Posts: 32
Ranking
Pry about Widelands
Posted at: 2016-09-07, 05:09

Could I ask first what is clickjacking? The way I'm understanding it, but I'm not a webdev, is that it is a protection for websites with ads, to avoid bots, and widelands does not have any. So, does it have any interest in widelands.org's case?

The most important thing I know about code, which is as important in all categories (system, web, game, etc) is that 1 line of code is always a pain and a danger when it is not useful (I have some system coder xp, for what it is worth). So, even if I do understand the use of frameworks, I am against the use of default options when they are not understood. The few things I know about security include that something not understood is more dangerous than something which is.


Top Quote
SirVer

Joined: 2009-02-19, 15:18
Posts: 1445
Ranking
One Elder of Players
Location: Germany - Munich
Posted at: 2016-09-07, 07:27

Clickjacking is also about ownership and transparency and clarity for the user: an iframe on another site that embeds the Widelands website sends the message that the content displayed belongs to the other site, not Widelands.org. Is that a problem? It could be - what if the embedding site contains content that Widelands.org does not agree with or does not want to be involved with (e.g. politics, religion). Also iframes might break functionality due to POSTs not working as expected (same origin policy). Interesting stack overflow discussion.

In this particular case, about widelands.fr, I think linking is the correct choice and iframes are not, because you require an account on widelands.org to post in the forums, but do not require a widelands.fr account for that. Linking will be less confusing to users than an iframe.

Edited: 2016-09-07, 07:34

Top Quote