Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove the atlOrigin parameter in the link (⚠️ possible privacy issue) #2046

Open
ADTC opened this issue Apr 13, 2023 · 6 comments
Open

Remove the atlOrigin parameter in the link (⚠️ possible privacy issue) #2046

ADTC opened this issue Apr 13, 2023 · 6 comments
Labels
changes requested Contributor needs to make modifications before approval

Comments

@ADTC
Copy link
Contributor

ADTC commented Apr 13, 2023

When linkifying issue keys like [KEY-123] the link has atlOrigin parameter added.

https://org.atlassian.net/browse/KEY-123?atlOrigin=qwertyuiopasdfghjklzxcvbnm1234567890QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklz

I suppose it's used for tracking purposes, but I don't want that. I want clean links without the tracking, as it can be a privacy issue.

https://org.atlassian.net/browse/KEY-123

It also helps keeps the copied link clean when we copy it and share it somewhere else, without an 82-character random string at the end of it.
@bgvozdev
Copy link
Contributor

Hey @ADTC , I have checked the code and this is the same constant string for ALL the tenants of the app. It doesn't identify you (or anyone else) anyhow:

  • doesn't include any information abut the user
  • doesn't include any information about GitHub org/repo/whatever.
  • doesn't include anything, actually :)

Similarly, when you click on any link, the browser will include "Referer" HTTP header that would include much more information about than this string.

http://github.com/atlassian/github-for-jira/blob/dc161b628a291189ba627af7bfff0bc59b037ba7/src/jira/util/jira-client-util.ts#L59-L59 .

Please let us know if you have any further concerns. Thanks!

@ADTC
Copy link
Contributor Author

ADTC commented Apr 14, 2023
edited

Okay, I understand there's no identifying of any particular entity in this.

Now I just want an option to exclude it anyway, so that the URLs are clean without this tracking ID. :)

Do you really need to track clicks on these links? I believe we can just track conversions instead of clicks. As in, whenever someone enters [KEY-123] and it's converted to a Jira link, track that action of the bot. (But don't track when people are clicking the links.)

@bgvozdev bgvozdev added the changes requested Contributor needs to make modifications before approval label Apr 14, 2023
@ADTC
Copy link
Contributor Author

ADTC commented Apr 14, 2023

PS: If removing it completely is not an option, please consider if it's possible to change it to a short human-readable alias.

@arcticlinux
Copy link

It kills me how hard it is to customize anything in JIRA cloud, almost every CSS class is internal randomly generated strings, if I want to hide a certain class, or make something more visible, or improve the visible design, change a color it makes it next to impossible.

If I want to remove this atlOrigin from links, I have to use something like a TamperMonkey script, forgive the crudeness, I ended up asking ChatGPT to iterate on this, and it's not particularly brilliant at programming.

// ==UserScript==
// @name         JIRA Remove atlOrigin Parameter
// @namespace    https://atlassian.net
// @version      1.0
// @description  Removes atlOrigin parameter from URLs in page source on JIRA sites
// @match        *://*.atlassian.net/*
// @grant        none
// ==/UserScript==

(function() {
  'use strict';

  function removeAtlOrigin() {
    var elements = document.querySelectorAll('input[aria-hidden="true"], a[aria-hidden="true"]');
    elements.forEach(function(element) {

        var url = element.value || element.href;
        if (url && /^(https?|ftp):\/\/[^\s/$.?#].[^\s]*$/i.test(url)) {
            var updatedUrl = url.replace(/([?&])atlOrigin=[^&]+&?/, function(match, p1) {
                return p1 === '?' ? '?' : '';
            });
            updatedUrl = updatedUrl.replace(/\?$/, '');
            if (url !== updatedUrl) {
                if (element.tagName === 'A') {
                    element.href = updatedUrl;
                } else if (element.tagName === 'INPUT') {
                    element.value = updatedUrl;
                }
            }
        }
      });
    }

  function observeDOM() {
    var targetNode = document.body;
    var config = { childList: true, subtree: true };

    var observer = new MutationObserver(function(mutationsList) {
      for (var mutation of mutationsList) {
        var addedNodes = mutation.addedNodes;
        addedNodes.forEach(function(node) {
          if (node.nodeType === Node.ELEMENT_NODE) {
            if (node.querySelectorAll('button[aria-label="Share"]')) {
              removeAtlOrigin();
            }
          }
        });
      }
    });

    observer.observe(targetNode, config);
  }

  window.addEventListener('load', function() {
    observeDOM();
  });

  document.addEventListener('click', function(event) {
    if (event.target.matches('button[aria-label="Share"]')) {
      console.log('Button clicked:', event.target);
      removeAtlOrigin();
    }
  });
})();

@BenedekFarkas
Copy link

If it doesn't identify anything, then why was it added in the first place?

This was referenced Dec 6, 2023
Closed
Open
@henricook
Copy link

+1 - this is a constant frustration when trying to link colleagues to tickets for an MR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
changes requested Contributor needs to make modifications before approval
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@henricook @arcticlinux @BenedekFarkas @ADTC @bgvozdev