search

atlassian / github-for-jira

Connect your code with your project management in Jira
https://github.atlassian.com
MIT License
634 stars 193 forks source link

Remove the `atlOrigin` parameter in the link (⚠️ possible privacy issue) #2046

Open ADTC opened 1 year ago

ADTC commented 1 year ago

When linkifying issue keys like [KEY-123] the link has atlOrigin parameter added.

https://org.atlassian.net/browse/KEY-123?atlOrigin=qwertyuiopasdfghjklzxcvbnm1234567890QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklz

I suppose it's used for tracking purposes, but I don't want that. I want clean links without the tracking, as it can be a privacy issue.

https://org.atlassian.net/browse/KEY-123

It also helps keeps the copied link clean when we copy it and share it somewhere else, without an 82-character random string at the end of it.

bgvozdev commented 1 year ago

Hey @ADTC , I have checked the code and this is the same constant string for ALL the tenants of the app. It doesn't identify you (or anyone else) anyhow:

Similarly, when you click on any link, the browser will include "Referer" HTTP header that would include much more information about than this string.

http://github.com/atlassian/github-for-jira/blob/dc161b628a291189ba627af7bfff0bc59b037ba7/src/jira/util/jira-client-util.ts#L59-L59 .

Please let us know if you have any further concerns. Thanks!

ADTC commented 1 year ago

Okay, I understand there's no identifying of any particular entity in this.

Now I just want an option to exclude it anyway, so that the URLs are clean without this tracking ID. :)

Do you really need to track clicks on these links? I believe we can just track conversions instead of clicks. As in, whenever someone enters [KEY-123] and it's converted to a Jira link, track that action of the bot. (But don't track when people are clicking the links.)

ADTC commented 1 year ago

PS: If removing it completely is not an option, please consider if it's possible to change it to a short human-readable alias.

arcticlinux commented 1 year ago

It kills me how hard it is to customize anything in JIRA cloud, almost every CSS class is internal randomly generated strings, if I want to hide a certain class, or make something more visible, or improve the visible design, change a color it makes it next to impossible.

If I want to remove this atlOrigin from links, I have to use something like a TamperMonkey script, forgive the crudeness, I ended up asking ChatGPT to iterate on this, and it's not particularly brilliant at programming.

// ==UserScript==
// @name         JIRA Remove atlOrigin Parameter
// @namespace    https://atlassian.net
// @version      1.0
// @description  Removes atlOrigin parameter from URLs in page source on JIRA sites
// @match        *://*.atlassian.net/*
// @grant        none
// ==/UserScript==

(function() {
  'use strict';

  function removeAtlOrigin() {
    var elements = document.querySelectorAll('input[aria-hidden="true"], a[aria-hidden="true"]');
    elements.forEach(function(element) {

        var url = element.value || element.href;
        if (url && /^(https?|ftp):\/\/[^\s/$.?#].[^\s]*$/i.test(url)) {
            var updatedUrl = url.replace(/([?&])atlOrigin=[^&]+&?/, function(match, p1) {
                return p1 === '?' ? '?' : '';
            });
            updatedUrl = updatedUrl.replace(/\?$/, '');
            if (url !== updatedUrl) {
                if (element.tagName === 'A') {
                    element.href = updatedUrl;
                } else if (element.tagName === 'INPUT') {
                    element.value = updatedUrl;
                }
            }
        }
      });
    }

  function observeDOM() {
    var targetNode = document.body;
    var config = { childList: true, subtree: true };

    var observer = new MutationObserver(function(mutationsList) {
      for (var mutation of mutationsList) {
        var addedNodes = mutation.addedNodes;
        addedNodes.forEach(function(node) {
          if (node.nodeType === Node.ELEMENT_NODE) {
            if (node.querySelectorAll('button[aria-label="Share"]')) {
              removeAtlOrigin();
            }
          }
        });
      }
    });

    observer.observe(targetNode, config);
  }

  window.addEventListener('load', function() {
    observeDOM();
  });

  document.addEventListener('click', function(event) {
    if (event.target.matches('button[aria-label="Share"]')) {
      console.log('Button clicked:', event.target);
      removeAtlOrigin();
    }
  });
})();
BenedekFarkas commented 12 months ago

If it doesn't identify anything, then why was it added in the first place?

henricook commented 9 months ago

+1 - this is a constant frustration when trying to link colleagues to tickets for an MR

gravieure commented 3 months ago

Throwing in another vote to remove this stuff. It's very annoying and bloats the URL; the tracking ID is 2x the size of the real link.

If you're a uBlock Origin user (you are a uBlock Origin user, right?), this filter will remove the parameter globally:

*$removeParam=atlOrigin
PAllisonVSO commented 1 month ago

Also wanting this change. It muddies everything

Wolfer commented 1 month ago

+1 useless looooooong parameter in link.