Closed benoit74 closed 1 month ago
Popolechien
commented
1 month ago I would advise working from the worst case scenario which is also our default assumption, ie that people are entirely offline and have no possibility to leave the zim to go to the broader internet. So block everything.
rgaudin
commented
1 month ago Replying to the ticket as I dont understand @Popolechien's reply.
demo.hotspot.kiwix.org kiwix-serve should already have the external block enabled. If not, it's a bug either in the hotspot or the demo. I just tested on a WP link and it seems to work. We should not change hotspot behavior (point of the demo)dev.library.kiwix.org is a dev/internal tool so we should do what makes most sense for its users. blocking seems the most practical.demo.library.kiwix.org: users are clients and we want them to be very clear on the bounds of their ZIM. blocking is important.library.kiwix.org: users are not defined. I think that the blocking is not that intrusive and helps understand what's in a ZIM so it I would recommend we block here as well but last discussion about search engine indexing showed that we don't all share the same opinion about what the HTML library.kiwix.org is.In summary, I'd say block everywhere but for different reasons.
kelson42
commented
1 month ago I see the problems of not blocking... so agree to block everywhere at this stage... we will see where it causes problem (for the moment I see none).
benoit74
commented
1 month ago Thank you !
Configuration to block has been deployed everywhere where it wasn't already. Already working as intended on dev.library.kiwix.org and demo.library.kiwix.org. On library.kiwix.org it will work in 24h (cache expiration). I'm not sure which cache purge method would work (we have many to selectively purge what needs to be) and I prefer to not risk anything on production only to save 24h.
We currently have multiple kiwix-serve instances "online":
While I understand why we do not block external links on demo.hotspot.kiwix.org, I feel like it makes testing/demoing ZIMs significantly harder on dev.library.kiwix.org and demo.library.kiwix.org.
On dev.library.kiwix.org, we can easily get confused about the fact that the ZIM is working while indeed we've switched to online source (I personally now use a proxy to block all outgoing calls but dev.library.kiwix.org when testing, but I'm pretty sure not everyone is doing it).
On demo.library.kiwix.org, it is even harder for our customer to not get confused / abused about these external links.
Regarding library.kiwix.org, I don't know.
All this is even much more important now that we create / test many zimit ZIMs where we can have many external links.
WDYT? Has this already been discussed and decided?