Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add meta NOINDEX,NOFOLLOW to admin scope to avoid accidental crawling #17163

Merged
merged 3 commits into from
Jul 29, 2018
Merged

Add meta NOINDEX,NOFOLLOW to admin scope to avoid accidental crawling #17163

merged 3 commits into from
Jul 29, 2018

Conversation

cmtickle
Copy link

Description

On occasion the admin url may be leaked to the frontend. This can (and has) result in the admin URL being available in search engines. This provides easy targets for brute force/password guessing hacks.

This fix will add a meta tag which instructs Google and other friendly bots not to add the admin URL to search results.

Manual testing scenarios

Visit the admin panel and view the source code. The head section should contain

<meta name="robots" content="NOINDEX,NOFOLLOW"/>

Contribution checklist

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • All automated tests passed successfully (all builds on Travis CI are green)

@magento-cicd2
Copy link
Contributor

magento-cicd2 commented Jul 26, 2018
edited
Loading

CLA assistant check
All committers have signed the CLA.

@magento-engcom-team
Copy link
Contributor

Hi @cmtickle. Thank you for your contribution
Here is some useful tips how you can test your changes using Magento test environment.
Add the comment under your pull request to deploy test or vanilla Magento instance:

  • @magento-engcom-team give me test instance - deploy test instance based on PR changes
  • @magento-engcom-team give me {$VERSION} instance - deploy vanilla Magento instance

For more details, please, review the Magento Contributor Assistant documentation

@VladimirZaets
Copy link
Contributor

Hi @cmtickle, please, sign CLA, otherwise, we can't process your pull request

@cmtickle
Copy link
Author

cmtickle commented Jul 26, 2018
edited
Loading

Hi @VladimirZaets
I have signed the CLA today via the link provided. Thanks.

@VladimirZaets
Copy link
Contributor

@cmtickle you should add the email address that you use for Github account to your git config.

@VladimirZaets VladimirZaets self-assigned this Jul 26, 2018
@cmtickle
Copy link
Author

Hi @VladimirZaets I've done that, CLA now showing as signed. Thanks.

@VladimirZaets
Copy link
Contributor

@cmtickle Great, thanks

@magento-engcom-team magento-engcom-team added this to the Release: 2.2.6 milestone Jul 27, 2018
@magento-engcom-team
Copy link
Contributor

@cmtickle thank you for contributing. Please accept Community Contributors team invitation here to gain extended permissions for this repository.

@magento-engcom-team magento-engcom-team merged commit 91e192b into magento:2.2-develop Jul 29, 2018
magento-engcom-team pushed a commit that referenced this pull request Jul 29, 2018
ENGCOM-2559: Add meta NOINDEX,NOFOLLOW to admin scope to avoid accide…
68ab034 
…ntal crawling #17163
@magento-engcom-team
Copy link
Contributor

Hi @cmtickle. Thank you for your contribution.
We will aim to release these changes as part of 2.2.6.
Please check the release notes for final confirmation.

Please, consider to port this solution to 2.3 release line.
You may use Porting tool to port commits automatically.

This was referenced Jul 29, 2018
Closed
Closed
This was referenced Jul 29, 2018
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@VladimirZaets VladimirZaets

Labels
Area: Design/Frontend Progress: accept Release Line: 2.2
Projects
None yet
Milestone
Release: 2.2.6
Development

Successfully merging this pull request may close these issues.
4 participants
@cmtickle @magento-cicd2 @magento-engcom-team @VladimirZaets