Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to authenticate an RSS feed

Basecamp uses HTTP authentication for its RSS feeds but this means that Google Reader, Bloglines and Firefox/Safari RSS don't work.

Is it possible to secure an RSS feed but still allow access from these popular readers?

like image 411
Jon Winstanley Avatar asked Jan 20 '10 11:01

Jon Winstanley


People also ask

How do I validate an RSS feed?

To check an RSS feed's validity, you can use an RSS validator, such as the one at http://feedvalidator.org/. To validate your RSS feed, all you have to do is enter the URL of your feed into the text field (Figure 3.35) and click the Validate button.

How do I find my RSS feed code?

Find the RSS Feed URL Through the Page Source Looking at the HTML source of the website's page will also give you the RSS feed's URL. Right click on the website's page, and choose Page Source. In the new window that appears, use the “find” feature (Ctrl + F on a PC or Command + F on a Mac), and type in RSS.

Why is RSS feed not working?

The most likely reason for your RSS feeds to show error is poor formatting. This poor formatting can be caused by a blank space after closing PHP tag in a plugin or in your theme's functions. php file. If you recently added a code snippet to your theme or child theme's functions.


2 Answers

Only possible solution I would think is use some randomly generated token inside URL to your feed. InfoQ works this way (with personalized feed) and I think many other. This way you can always revoke access to feed by simply changing token.

It has one disadvantage - it is not "protected" by password, so everyone who has can guess (or read from config files of your reader) URL has access to your feed.

And never, NEVER, put anything sensitive in this feed. Put only short summary and require users to open browser, log in and read more.

like image 163
MBO Avatar answered Sep 22 '22 16:09

MBO


Try using the RSS feed url in format: https://USERNAME:PASSWORD@URL

For a Basecamp project feed, this url might be: https://bigguy:[email protected]/1234567/projects/89101112.atom

But it's really not a good idea to leave your password within a text field of one of these services -- even if you trust the service.

So, the safer solution is to use an intermediary that can safely store your credentials, access the protected feed, and republish the feed contents at a publicly-accessible url. Basically, we want a public proxy for the protected feed.

I use Yahoo Pipes to accomplish this. This pre-built Pipe makes it very easy to set this up.

like image 30
Stephen M. Harris Avatar answered Sep 19 '22 16:09

Stephen M. Harris