I’ve just tried to share a link, and the shareable link Discource gave me was
https://community.openstreetmap.org/t/official-statement-by-open-street-map-moderator/1054/4?u=someoneelse. In the context that I wanted to use it, the fact that that link included my userid wasn’t a problem, but I’d imagine that in most contexts it absolutely would.
Can the user be removed from share links by default?
It seems this is being discussed upstream:
Currently, using the “Share a link” or copying the URL associated with a post’s timestamp results in a URL that contains the username of whoever does the copying, if that person happened to be logged in at the time. This poses some privacy concern:...
Reading time: 3 mins 🕑
Likes: 54 ❤
It seems that a setting to switch this off will be available in the next Discourse version (2.9)
This is already implemented in the beta version
New features in 2.9.0.beta10 Sidebar and new notification menu Security Updates This beta includes 4 security fixes for issues reported by our community and HackerOne. Handle incomplete quote bbcode (CVE-2022-39232) Limit user profile field...
Reading time: 5 mins 🕑
Likes: 23 ❤
Once 2.9 moves to stable we will be able to remove it.
We’ve since rolled out the Discourse version which
introduced the ability to disable this behavior at a site level. Seeing how this appears to be the consensus solution, I’ve now disabled the “allow username in share links” setting in the admin panel. The username will therefore no longer be included in the URLs generated by the “share” button.