Feature: simplifying URLs by relying on Referer header?

[makii42]

While adding some dependency badges to repos, I was wondering why there is the necessity to specify user/org and repo name in the URL, as ideally this information is already passed via the Referer header.

It should be possible to expose a route for the badges as well the link to the package dependencies page by taking a look at the referrer. One would have to extracts the right portions, which according to badge.js are

• user / organization
• repository
• optional branch / ref

and generate a redirect to either the appropriate existing image- or page-route. Thinking about it, there are probably some pros and cons to do that. This is my first pass:

pros:

• makes it dead-easy to add the badges to your READMEs.
• Shows automatically/automagically the correct dependencies on the fork / branch, if reflected properly in the referencing document.
• Relying on the referrer might be a sensible step towards resolving #94 (adding bitbucket) and even other code hosting sites, as this informations is also part of the referrer URL.

cons:

• More new redirect traffic on the server.
• Changes behavior, as forks or branches now reflect their own current state of dependencies rather than the base repo. Probably a good thing, except for the different than before part.
• Starts tracking the same package multiple times, as possibly each branch in each fork of a repo will refer the shields and by that start loading the dependencies.

That's all I can come up with for now.

What would need to be done:

• Add a facility/function that takes the Referer out of the request and extracts org, repo and optional ref values. Possibly, with regards to issue #94 also the hostname to determine the hosting service.
• add 4 new routes, invoking the above function, format the appropriate badge link incl. the taking the image format into account and sends an 302 Found redirect. Route names e.g. for svg
  • /auto.svg
  • /auto-dev.svg
  • /auto-peer.svg
  • /auto-optional.svg
• Repeat the above exercise for the ui portion to enable a deep link to the correct packages' dependencies page

What do you think about this feature? Would a contribution implementing this be welcome?

[alanshaw]

That's a really interesting proposition and I'd love to see a pull request for this! My only hesitation is the extra traffic, since the service currently really struggles when response time from the npm/github APIs slows. So, encouraging more traffic on top of this might be problematic right now. However don't let that stop you - this is a brilliant idea and I'd love to see it happen :rocket: 😍

[alanshaw]

Just a thought, we should check the github proxy passes on the Referer header (I don't know why it wouldn't but worth a check before you start the work!)

[makii42]

So, the first pass is there, and instantaneously I found the first downside: This won't work in all contexts, e.g. on npmjs.com, as the Referer in this case only contains the package name, and the parse logic is still as dumb as possible right now, requiring a github.com-style URL.

Depending on how much logic is supposed to be on the server side, a resolution of such specific referrers is not impossible, but cumbersome, as it will require additional lookups, either local (if e.g. the package.json contents are present) or remote.