Secure RSS Feeds

All secure RSS feeds now transparently support BASIC  Authentication.

The behavior is such that when you're logged in, the feeds will simply work as expected if you open them directly in the browser. If you log out, you'll suddenly be promted for BASIC  Authentication. If you use the url with an external RSS client and that client supports BASIC Authentication then simply give your credentials and you should be good to go.

Pleae note that BASIC Authentication transfers your passwords over the internet/network in plain text, so make sure that you have SSL enabled if you care about such things.

An alternative is also to enabled DIGEST Authentication (just add an init parameter for "digest_auth" in the filter declaration and restart).

Note of you're using an SSO of some kind, and the client making the request speaks in your SSO's toung, then of course you don't have to worry about any of this.

 

Enjoy!

(Update: The issue was resolved as of LPS-12308 r73243.)

Blogs
Thank you very much Ray.
I didn't know that there was the ability to add a regex to the filter.
Everything would have been much easier emoticon
Can you do this with Web Content Feeds?
Yes! The key is to make those originate from a private page.

So, when creating your feed, just make sure that the page friendly url you specify is private.
Thanks Ray! We are currently working towards this so it comes at a great time.... Do you have an example of how I would format the url to be used in the RSS Feed to Basic Authentication?
If you are talking specifically about the Feeds you define in the Web Content portlet on the Feeds tab, then the url is generated for you.

For other feeds, those depend on the portlet, and you don't have to reformat the urls in any way. The basic auth is transparently applied after the fix.

(Updating above with rev and ticket #).
Thanks Ray, I am talking about the Feeds from the Web Content Portlet...
I want to generate a secure Web Content Feed from a private community and share it with other private communities..
Is this possible with what you are talking about?
It will work yes! You have nothing to do after having this fix. Simply, if the client is not authenticated when making a request to the feed (yes Web Content Feed that specifies a private "Target Page Friendly URL"), basic authentication will kick in.
My RSS feed from forum is broken,
https://www.appex.com/en/web/boite-a-idees/home/-/message_boards/rss?p_l_id=41234&_19_mbCategoryId=41224&

p_l_id has no value causing 404 error.