FreshRSS / FreshRSS

A free, self-hostable news aggregator…
https://freshrss.org
GNU Affero General Public License v3.0

Making a feed public? #3178

Closed Aasemoon closed 7 months ago

Aasemoon commented 4 years ago

Hi there,

FreshRSS has this very useful ability to create a single RSS feed out of multiple feeds. But is there a way I can make this new feed public, so that it can be viewed without having to log in? For instance via a feed reader that doesn't have the ability to log in? I also see that there's this "allow unsafe automatic login.." format that can be used to access the reader, but the feeds don't seem to be accessible in this fashion. So is there a way around this?

Thanks!

Alkarex commented 4 years ago

Yes, this is possible when you define a token in your settings. However, this token approach is on the road-map to be revisited, because the current token is not so much meant for being public, but rather to enable the output to be consumed by something else you control. Indeed, there is currently one single token per user, which basically gives access to all your outputs if you make it public.

Aasemoon commented 4 years ago

@Alkarex Oh that's perfect actually, it does provide what I'm looking for. I had somehow missed the whole token thing. Thanks a lot! =)

TheNomad11 commented 4 years ago

If it were then possible to make one single feed public, as is possible with TinyTinyRSS (ttrss), it would be perfect and I could move all my feeds to FreshRSS.

I use this feature for feed readers (based on SimplePie) that cannot read some feeds. In my case it is FeedWordpress, where I aggregate many different sites. I then subscribe to the public feed generated by ttrss instead.

printfuck commented 3 years ago

At the moment this is achievable when FreshRSS is being run behind nginx or Apache. You would have to proxy_pass specific locations to the shared feed, so nobody gets to know the token. In nginx this might look like this:

server {
        server_name rss.domain.bar;
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        # Needed for Freshrss cookie/session :
        proxy_cookie_path / "/; HTTPOnly; Secure";

        location /public_feed1 {
                proxy_pass http://127.0.0.1:8083/?a=rss&get=c_2&rid=6013240729220&user=[user]&token=[token]&hours=168;
                proxy_buffering off;
                proxy_set_header Host $host;
        }

        location / {
                proxy_pass http://127.0.0.1:8083/;
                add_header X-Frame-Options SAMEORIGIN;
                add_header X-XSS-Protection "1; mode=block";
                proxy_redirect off;
                proxy_buffering off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Port $server_port;
                proxy_read_timeout 90;

                # Forward the Authorization header for the Google Reader API.
                proxy_set_header Authorization $http_authorization;
                proxy_pass_header Authorization;
        }
}

But associating a randomized string to match the generated feed would indeed be easier and more secure.
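
A tighter variant of the `/public_feed1` location from the comment above, given here as an added example that is not printfuck's or the FreshRSS project's own configuration. The backend address, query parameters and the `[user]`/`[token]` placeholders are copied from that comment; `$feed_query` is a hypothetical variable name, and the block is meant to replace the original location inside the same `server` block.

```nginx
# Added example: goes inside the server { } block shown above.
# "=" matches /public_feed1 exactly. A plain prefix location also matches
# longer paths, and nginx then appends the extra path text and the client's
# query string to the fixed, token-bearing upstream URI.
location = /public_feed1 {
        # Read-only endpoint: allow GET (and therefore HEAD), refuse the rest.
        limit_except GET { deny all; }

        # Because proxy_pass contains a variable, nginx sends this URI as is
        # and ignores the path and query string supplied by the client.
        # [user] and [token] are placeholders, as in the original comment.
        set $feed_query "a=rss&get=c_2&rid=6013240729220&user=[user]&token=[token]&hours=168";
        proxy_pass http://127.0.0.1:8083/?$feed_query;

        # Do not relay client credentials to FreshRSS, and do not hand a
        # FreshRSS session cookie to anonymous readers of the feed.
        proxy_set_header Cookie "";
        proxy_set_header Authorization "";
        proxy_hide_header Set-Cookie;

        proxy_buffering off;
        proxy_set_header Host $host;
}
```

Since the token still grants access to all of the user's outputs, the configuration file holding it should be readable only by the account nginx runs under and by administrators.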

aledeg commented 3 years ago

@printfuck Would you mind adding this in the documentation? That might interest others. Thank you!

Alkarex commented 3 years ago

The proper implementation is quite high on my TODO :-)

aledeg commented 3 years ago

Related to #3066

Alkarex commented 8 months ago

https://github.com/FreshRSS/FreshRSS/pull/6052