Specification enhancement: how to make web-based previously-submitted report summaries unshareable

Bug #1319570 reported by Stuart Langridge
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Daisy
New
Undecided
Unassigned

Bug Description

https://wiki.ubuntu.com/ErrorTracker#Accessing_previous_reports has "To avoid privacy problems, it should be impossible to share the URL of the page. How?"

One way to do this may be to make the "previous reports" page accept the relevant data (the unique ID of this machine) via an HTTP POST rather than a GET. That is, instead of "Show Previous Reports" in the client app opening the theoretical page https://errors.ubuntu.com/from-this-machine?machineid=1234567890, the https://errors.ubuntu.com/from-this-machine page should accept the machine ID as a POST parameter. That way, the visible URL in the user's browser will be merely https://errors.ubuntu.com/from-this-machine and sharing that URL around will not work.

One way to do this is to have the client app open a browser at https://errors.ubuntu.com/from-this-machine/get-to-post?machineid=1234567890 which is a page which contains something like the following:

<html><body>Showing your submitted list of reports&hellip;
<form id="f" method="POST" action="https://errors.ubuntu.com/from-this-machine">
<input type="hidden" name="machineid" value="$GET[machineid]">
<input type="submit"></form>
<script>
document.getElementById('f').submit();
</script>
</body></html>

That page contains a form which POSTs the machineid from the querystring to the actual error reports page, using JavaScript. This would need some testing and iteration (what if the user does not have JavaScript? Have JavaScript add CSS to set all buttons to display:none and then add an <input type="submit"> to the form?) but is one way to solve the problem.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.