xenocrat / chyrp-lite

An ultra-lightweight blogging engine, written in PHP.
https://chyrplite.net/
BSD 3-Clause "New" or "Revised" License

Feature request - Add some attribution #189

Closed bart7782 closed 4 months ago

bart7782 commented 1 year ago

Hi,

This project is pretty cool. With good support too. I think you should add a setting to add a little attribution to a website using this project. Just a little switch that would add something like "Powered by chyrp-lite" in the footer. I've already done this by adding a footer to the default.twig. I hope you like it :)


xenocrat commented 1 year ago

Very nice. =)

Thank you for the suggestion - I'll give this some thought.

mord0d commented 7 months ago

Good idea, @bart7782! (=

By the way, we have X-Powered-By, but Chyrp Lite doesn't use it.


Also, it would be great if there were functions/variables for © STARTYEAR-CURRENTYEAR ADMIN (as separate fields?). Currently, I have this:

{% set dfr = theme.archives_list() | last.when | dateformat("Y") %}
{% set dnw = now | dateformat("Y") %}
<p>©
  {% if dnw > dfr %}<time datetime="{{ dfr }}">{{ dfr }}</time>-{% endif %}<time datetime="{{ dnw }}">{{ dnw }}</time>
  {{ site.name }}
</p>

This is the ugliest code I've ever written, but at least it works (except, I don't like site.name as a "copyright holder"). ☺

xenocrat commented 7 months ago

X-Powered-By is generally not used for production sites because there is a small but real advantage of "security by obscurity" in omitting it.

I have been giving this attribution topic some thought in recent months. No answers yet, but my thoughts are percolating and might lead to an answer eventually. I think a simple creator function for copyright notices is a good idea - I'll add that.

mord0d commented 7 months ago

> X-Powered-By is generally not used for production sites because there is a small but real advantage of "security by obscurity" in omitting it.

That's right, but… Security is not a state, it's a continuous process. On its own, X-Powered-By is only a little hint, not a vulnerability. It's good practice to set expose_php = Off in php.ini, and some apps recommend (not require!) hiding X-Powered-By in the reverse-proxy configuration, but anyway there should be ways to get some information about the backend, at least its version and some plugins. My point here is not to say it's a good idea to expose things to the world, my point is to leave the decision to the admin.

Hiding the X-Powered-By doesn't cost anything so it's better to do so.

xenocrat commented 7 months ago

I've added a new Twig function to create copyright notices, and added the "generator" standard metadata to all themes. This identifies Chyrp Lite as a product, without reference to a specific version.
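
A defender-side check for the two disclosure points discussed in this thread (the X-Powered-By header and the "generator" metadata), added here as an example and not part of the thread or of Chyrp Lite's code. The function name `audit_response`, the sample responses and the PHP version string in them are constructed assumptions.

```python
import re
from html.parser import HTMLParser

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")  # dotted version such as 8.2.12


class _GeneratorMeta(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.values.append(a.get("content") or "")


def audit_response(raw):
    """Return (source, value, has_version) findings for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-powered-by":
            value = value.strip()
            findings.append(("header", value, bool(VERSION_RE.search(value))))
    parser = _GeneratorMeta()
    parser.feed(body)
    for value in parser.values:
        findings.append(("meta", value, bool(VERSION_RE.search(value))))
    return findings


# Constructed sample responses (not captured from a real site).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "X-Powered-By: PHP/8.2.12\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="Chyrp Lite"></head></html>'
)
# Same response once the header is hidden (expose_php = Off or proxy config).
AFTER = BEFORE.replace("X-Powered-By: PHP/8.2.12\r\n", "")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_response(raw))
```

A finding with `has_version` set to `True` is the case worth fixing first; a product name without a version, as with the generator tag described above, reveals less.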