Thijs/wiki.techinc.nl

Fork 0

Commit graph

Author	SHA1	Message	Date
Thiemo Kreuz	2f66b3754f	tests: Remove @param docs from test code that just repeat the signature These are not only 100% identical to the actual code, but also: * It's error-prone. Some are already wrong. * These test…() functions are not meant to be called from anywhere. What is the target audience for this documentation? * There is a @dataProvider. What such @param tags actually do is document the provider, but in an odd place. Just looking at the provider should give the same information. * The MediaWiki CodeSniffer allows to skip @param when there is a @dataProvider, for the reasone listed. Change-Id: I0f6f42f9a15776df944a0da48a50f9d5a2fb6349	2021-01-21 03:41:23 +00:00
David Barratt	c36b320454	Handle CORS preflight request and prevent anon users from unsafe methods Creates an OPTIONS handler that handles any OPTIONS requests that are not already handled by a handler. CORS has no mechanism to ensure the user is authenticated, so the Router will reject cross-origin requests from anon users. This change allows authenticated users to make cross-origin requests if they authenticate with OAuth or if $wgRestAllowCrossOriginCookieAuth is enabled. Bug: T232176 Bug: T262712 Change-Id: I128b4bdbec4f6bea35142153c951fd7b79617106	2020-09-21 19:29:40 -04:00

Author

SHA1

Message

Date

Thiemo Kreuz

2f66b3754f

tests: Remove @param docs from test code that just repeat the signature

These are not only 100% identical to the actual code, but also:
* It's error-prone. Some are already wrong.
* These test…() functions are not meant to be called from
  anywhere. What is the target audience for this documentation?
* There is a @dataProvider. What such @param tags actually do is
  document the provider, but in an odd place. Just looking at
  the provider should give the same information.
* The MediaWiki CodeSniffer allows to skip @param when there is
  a @dataProvider, for the reasone listed.

Change-Id: I0f6f42f9a15776df944a0da48a50f9d5a2fb6349

2021-01-21 03:41:23 +00:00

David Barratt

c36b320454

Handle CORS preflight request and prevent anon users from unsafe methods

Creates an OPTIONS handler that handles any OPTIONS requests that are
not already handled by a handler. CORS has no mechanism to ensure the
user is authenticated, so the Router will reject cross-origin requests
from anon users.

This change allows authenticated users to make cross-origin
requests if they authenticate with OAuth or if
$wgRestAllowCrossOriginCookieAuth is enabled.

Bug: T232176
Bug: T262712
Change-Id: I128b4bdbec4f6bea35142153c951fd7b79617106

2020-09-21 19:29:40 -04:00

2 commits