RSS/Atom feed of restricted boards

FlatBoard 5.2.0

Hi,

I'm using FlatBoard as an internal forum for a small club.
For security reasons all boards and discussions (with one exception) are only visible to the club members with valid credentials.

I want to subscribe to the boards RSS/Atom feed but can't access other boards than the public one.
Tested with RSS Guard, Thunderbird and Firefox (in the form https://username:password@forumsite.bar/feed/rss).

Password is using chars, numbers and special chars.

Any hints for a solution would be appreciated.

Regards
Michael

Hi DoneAgain,

There are really two separate issues here, and you may be running into both at once.

First, If you’re still on 5.2.x, upgrading to 5.3.0 is worth it anyway: that branch includes several RSS/Atom improvements, including feed auto-discovery and better category feed URLs. 5.4.x goes further with feed date formatting and slug-based category URLs. Neither release fixes the authentication issue you’re describing, but it’s easier to debug feed behavior on a current version.

On the actual problem: start with the easy check. Special characters in the password can break URL parsing. A plain @ in the password can be interpreted as the separator between credentials and hostname, which silently truncates the rest. Percent-encode them in the URL: @ becomes %40, # becomes %23, : becomes %3A, and % becomes %25. For example, p@ss#word should become p%40ss%23word.

If it still doesn’t work after encoding, you’ve probably hit the real limitation: Flatboard uses session cookies, not HTTP Basic Auth. The user:pass@url trick sends an Authorization: Basic ... header, which Flatboard ignores; it doesn’t recognize that as a login, so you’ll still appear as a guest.

What can actually work is using an RSS reader that can keep an authenticated session cookie. FreshRSS and Miniflux both support feeds behind a login, and Thunderbird may also keep a session cookie if you log into the forum first through its built-in browser. The idea is to authenticate normally first and let the reader reuse the cookie, with no credentials embedded in the feed URL.

Hi Fred,

thanks for your quick reply!

First, If you’re still on 5.2.x, upgrading to 5.3.0 is worth it anyway: that branch includes several RSS/Atom improvements, including feed auto-discovery and better category feed URLs. 5.4.x goes further with feed date formatting and slug-based category URLs. Neither release fixes the authentication issue you’re describing, but it’s easier to debug feed behavior on a current version.

Will do during the coming Easter holidays.

On the actual problem: start with the easy check. Special characters in the password can break URL parsing. A plain @ in the password can be interpreted as the separator between credentials and hostname, which silently truncates the rest. Percent-encode them in the URL: @ becomes %40, # becomes %23, : becomes %3A, and % becomes %25. For example, p@ss#word should become p%40ss%23word.

That solved an aspect of the problem.
With URL encoding the special chars the Firefox AddOn "Want my RSS" doesn't show URL constructor errors anymore ("...is not a valid URL").

But alas still no restricted boards with the encoded credentials... neither in FireFox, nor in Thunderbird or RSSGuard.

If it still doesn’t work after encoding, you’ve probably hit the real limitation: Flatboard uses session cookies, not HTTP Basic Auth.

Looks like RSSGuard uses HTTP Basic Auth functionality when entering the credentials.
So I will check some other RSS clients (like QuiteRSS or Liferea).

I proceed after the update.

Happy Easter to you and your loved ones!

Regards
Michael