From cc46672f46d38e7c7ecf2c0e61c37c0f4ae5a610 Mon Sep 17 00:00:00 2001 From: Holger Just Date: Tue, 6 Apr 2021 12:28:59 +0200 Subject: [PATCH 3/3] Disallow all in /robots.txt if login is required --- app/controllers/welcome_controller.rb | 2 +- app/views/welcome/robots.text.erb | 4 ++++ test/integration/welcome_test.rb | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb index 0807c8232a..0499b188e8 100644 --- a/app/controllers/welcome_controller.rb +++ b/app/controllers/welcome_controller.rb @@ -27,7 +27,7 @@ def index end def robots - @projects = Project.visible(User.anonymous) + @projects = Project.visible(User.anonymous) unless Setting.login_required? render :layout => false, :content_type => 'text/plain' end end diff --git a/app/views/welcome/robots.text.erb b/app/views/welcome/robots.text.erb index a13cdc85e8..0eabf6cff6 100644 --- a/app/views/welcome/robots.text.erb +++ b/app/views/welcome/robots.text.erb @@ -1,4 +1,7 @@ User-agent: * +<% if Setting.login_required? -%> +Disallow: / +<% else -%> <% @projects.each do |project| -%> <% [project, project.id].each do |p| -%> Disallow: <%= url_for(:controller => 'repositories', :action => :show, :id => p) %> @@ -18,3 +21,4 @@ Disallow: <%= url_for(projects_path(:trailing_slash => true)) %>*.pdf$ Disallow: <%= url_for(signin_path) %> Disallow: <%= url_for(register_path) %> Disallow: <%= url_for(lost_password_path) %> +<% end -%> diff --git a/test/integration/welcome_test.rb b/test/integration/welcome_test.rb index 1f46cd469c..cc007a2e24 100644 --- a/test/integration/welcome_test.rb +++ b/test/integration/welcome_test.rb @@ -48,6 +48,10 @@ def test_robots_when_login_is_required get '/robots.txt' assert_response :success assert_equal 'text/plain', @response.media_type + + # Disallow everything if logins are required + refute @response.body.match(%r{^Disallow: /projects/ecookbook/issues\r?$}) + assert @response.body.match(%r{^Disallow: /\r?$}) end end end -- 2.34.0