Rollbar #300: Bot following link to LTI content generating OAuth error

[jefferya]

Rollbar Details: https://rollbar.com/ualbertalib/avalon/items/300

A bot (e.g., GoogleBot) finds and follows a link to the LTI endpoint. A exception is triggered and recorded in Rollbar. What options are available to address the exceptions?

Why the error? Digging into rollbar. Errors originating from GoogleBot (not U of A eCalss). Analysis: GoogleBot crawler following a link to an LTI resource triggering an authentication error in ERA A+V. Avalon doesn't nicely handle HTTP GET requests or missing request parameters in LTI requests hence the rollbar errors. When logged onto eClass, accessing an ERA A+V item, eClass uses an HTTP POST with oauth_* parameters in the request. The missing oauth parameters in the GoogleBot request trigger the error. This rollbar error is similar to this MoodleBot related Avalon issue, Connor added note: https://github.com/ualbertalib/avalon/issues/591

Thoughts:

1. Can a serve change be made to ask bots to not access certain urls (e.g., robots.txt)?
2. Add nofollow link?

Regarding option 2., I've never found where GoogleBot locates the URL.

• Checked Avalon: the eClass (LTI) link is only available if authenticated as far as I can tell (via the share button).
• Checked eClass: if a page is public, the LTI url is exposed in contents of iframe (launch.php).

[seanluyk]

@jefferya could you let me know if this has a direct user impact?

[jefferya]

@seanluyk As far as I've been able to ascertain, no direct impact to ERA A+V users and no direct impact to eClass users.

[seanluyk]

Thanks, keep me posted!

[jefferya]

will monitor