Add $wgForceHTTPS. When set to true:
* It makes the HTTP to HTTPS redirect unconditional and suppresses the forceHTTPS cookie.
* It makes session cookies be secure.
* In the Action API, it triggers the existing deprecation warning and avoids more expensive user/session checks.
* In login and signup, it suppresses the old hidden form fields for protocol switching.
* It hides the prefershttps user preference.

Other changes:
* Factor out the HTTPS redirect in MediaWiki::main() into maybeDoHttpsRedirect() and shouldDoHttpRedirect(). Improve documentation.
* User::requiresHTTPS() reflects $wgForceHTTPS whereas the Session concept of "force HTTPS" does not. The documentation of User::requiresHTTPS() says that it includes configuration, and retaining this definition was beneficial for some callers. Whereas Session::shouldForceHTTPS() was used fairly narrowly as the value of the forceHTTPS cookie, and injecting configuration into it is not so easy or beneficial, so I left it as it was, except for clarifying the documentation.
* Deprecate the following hooks: BeforeHttpsRedirect, UserRequiresHTTPS, CanIPUseHTTPS. No known extension uses them, and they're not compatible with the long-term goal of ending support for mixed-protocol wikis. BeforeHttpsRedirect was documented as unstable from its inception. CanIPUseHTTPS was a WMF config hack now superseded by GFOC's SNI sniffing.
* For tests which failed with $wgForceHTTPS=true, I mostly split the tests, testing each configuration value separately.
* Add ArrayUtils::cartesianProduct() as a helper for generating combinations of boolean options in the session tests.

Bug: T256095
Change-Id: Iefb5ba55af35350dfc7c050f9fb8f4e8a79751cb
23 lines
631 B
PHP
<?php

namespace MediaWiki\Hook;

/**
 * @deprecated since 1.35
 * @ingroup Hooks
 */
interface CanIPUseHTTPSHook {
	/**
	 * Use this hook to determine whether the client at a given source IP is likely
	 * to be able to access the wiki via HTTPS.
	 *
	 * @deprecated since 1.35 This feature will be removed. All clients should use HTTPS.
	 *
	 * @since 1.35
	 *
	 * @param string $ip IP address in human-readable form
	 * @param bool &$canDo Set to false if the client may not be able to use HTTPS
	 * @return bool|void True or no return value to continue or false to abort
	 */
	public function onCanIPUseHTTPS( $ip, &$canDo );
}