2019-08-15 17:40:13 +00:00
|
|
|
<?php
|
2019-12-25 23:15:01 +00:00
|
|
|
|
2019-08-15 17:40:13 +00:00
|
|
|
/**
|
|
|
|
* SkinTemplate class for the Citizen skin
|
|
|
|
*
|
|
|
|
* @ingroup Skins
|
|
|
|
*/
|
|
|
|
class SkinCitizen extends SkinTemplate {
|
2019-12-26 19:04:39 +00:00
|
|
|
public $skinname = 'citizen';
|
|
|
|
public $stylename = 'Citizen';
|
2019-12-25 23:15:01 +00:00
|
|
|
public $template = 'CitizenTemplate';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @var OutputPage
|
|
|
|
*/
|
|
|
|
private $out;
|
2019-08-15 17:40:13 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* ResourceLoader
|
|
|
|
*
|
2019-12-25 23:15:01 +00:00
|
|
|
* @param OutputPage $out
|
2019-08-15 17:40:13 +00:00
|
|
|
*/
|
|
|
|
public function initPage( OutputPage $out ) {
|
2019-12-25 23:15:01 +00:00
|
|
|
$this->out = $out;
|
2019-08-15 17:40:13 +00:00
|
|
|
// Responsive layout
|
2019-12-25 23:15:01 +00:00
|
|
|
$out->addMeta( 'viewport', 'width=device-width, initial-scale=1.0' );
|
|
|
|
|
2019-08-15 17:40:13 +00:00
|
|
|
// Theme color
|
2019-12-25 23:15:01 +00:00
|
|
|
$out->addMeta( 'theme-color', $this->getConfigValue( 'CitizenThemeColor' ) ?? '' );
|
|
|
|
|
2019-12-11 03:59:10 +00:00
|
|
|
// Preconnect origin
|
2019-12-25 23:15:01 +00:00
|
|
|
$this->addPreConnect();
|
|
|
|
|
2019-08-15 17:40:13 +00:00
|
|
|
// Generate manifest
|
2019-12-25 23:15:01 +00:00
|
|
|
$this->addManifest();
|
2019-12-24 04:27:36 +00:00
|
|
|
|
|
|
|
// HTTP headers
|
2019-12-24 04:13:42 +00:00
|
|
|
// CSP
|
2019-12-25 23:15:01 +00:00
|
|
|
$this->addCSP();
|
|
|
|
|
|
|
|
// HSTS
|
|
|
|
$this->addHSTS();
|
|
|
|
|
|
|
|
// Deny X-Frame-Options
|
|
|
|
$this->addXFrameOptions();
|
|
|
|
|
2019-12-31 07:36:17 +00:00
|
|
|
// X-XSS-Protection
|
|
|
|
$this->addXXSSProtection();
|
2020-01-06 19:28:08 +00:00
|
|
|
|
2020-01-17 00:14:15 +00:00
|
|
|
// Referrer policy
|
|
|
|
$this->addStrictReferrerPolicy();
|
|
|
|
|
2019-12-25 23:15:01 +00:00
|
|
|
// Feature policy
|
|
|
|
$this->addFeaturePolicy();
|
|
|
|
|
|
|
|
$this->addModules();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* getConfig() wrapper to catch exceptions.
|
|
|
|
* Returns null on exception
|
|
|
|
*
|
|
|
|
* @param string $key
|
|
|
|
* @return mixed|null
|
|
|
|
* @see SkinTemplate::getConfig()
|
|
|
|
*/
|
|
|
|
private function getConfigValue( $key ) {
|
|
|
|
try {
|
|
|
|
$value = $this->getConfig()->get( $key );
|
|
|
|
} catch ( ConfigException $e ) {
|
|
|
|
$value = null;
|
|
|
|
}
|
|
|
|
|
|
|
|
return $value;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Adds a preconnect header if enabled in 'CitizenEnablePreconnect'
|
|
|
|
*/
|
|
|
|
private function addPreConnect() {
|
|
|
|
if ( $this->getConfigValue( 'CitizenEnablePreconnect' ) === true ) {
|
|
|
|
$this->out->addLink( [
|
|
|
|
'rel' => 'preconnect',
|
|
|
|
'href' => $this->getConfigValue( 'CitizenPreconnectURL' ),
|
|
|
|
] );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Adds the manifest if enabled in 'CitizenEnableManifest'.
|
|
|
|
* Manifest link will be empty if wfExpandUrl throws an exception.
|
|
|
|
*/
|
|
|
|
private function addManifest() {
|
|
|
|
if ( $this->getConfigValue( 'CitizenEnableManifest' ) === true ) {
|
|
|
|
try {
|
|
|
|
$href =
|
|
|
|
wfExpandUrl( wfAppendQuery( wfScript( 'api' ),
|
|
|
|
[ 'action' => 'webapp-manifest' ] ), PROTO_RELATIVE );
|
|
|
|
} catch ( Exception $e ) {
|
|
|
|
$href = '';
|
|
|
|
}
|
|
|
|
|
|
|
|
$this->out->addLink( [
|
|
|
|
'rel' => 'manifest',
|
|
|
|
'href' => $href,
|
|
|
|
] );
|
|
|
|
}
|
|
|
|
}
|
2019-12-24 04:13:42 +00:00
|
|
|
|
2019-12-25 23:15:01 +00:00
|
|
|
/**
|
|
|
|
* Adds the csp directive if enabled in 'CitizenEnableCSP'.
|
|
|
|
* Directive holds the content of 'CitizenCSPDirective'.
|
|
|
|
*/
|
|
|
|
private function addCSP() {
|
|
|
|
if ( $this->getConfigValue( 'CitizenEnableCSP' ) === true ) {
|
|
|
|
|
|
|
|
$cspDirective = $this->getConfigValue( 'CitizenCSPDirective' ) ?? '';
|
|
|
|
$cspMode = 'Content-Security-Policy';
|
2019-12-24 04:13:42 +00:00
|
|
|
|
|
|
|
// Check if report mode is enabled
|
2019-12-27 08:05:05 +00:00
|
|
|
if ( $this->getConfigValue( 'CitizenEnableCSPReportMode' ) === true ) {
|
2019-12-25 23:15:01 +00:00
|
|
|
$cspMode = 'Content-Security-Policy-Report-Only';
|
2019-12-24 04:13:42 +00:00
|
|
|
}
|
2019-12-25 23:15:01 +00:00
|
|
|
|
|
|
|
$this->out->getRequest()->response()->header( sprintf( '%s: %s', $cspMode,
|
|
|
|
$cspDirective ) );
|
2019-12-24 04:13:42 +00:00
|
|
|
}
|
2019-12-25 23:15:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Adds the HSTS Header. If no max age or an invalid max age is set a default of 300 will be
|
|
|
|
* applied.
|
|
|
|
* Preload and Include Subdomains can be enabled by setting 'CitizenHSTSIncludeSubdomains'
|
|
|
|
* and/or 'CitizenHSTSPreload' to true.
|
|
|
|
*/
|
|
|
|
private function addHSTS() {
|
|
|
|
if ( $this->getConfigValue( 'CitizenEnableHSTS' ) === true ) {
|
2019-12-24 03:17:28 +00:00
|
|
|
|
2019-12-25 23:15:01 +00:00
|
|
|
$maxAge = $this->getConfigValue( 'CitizenHSTSMaxAge' );
|
|
|
|
$includeSubdomains = $this->getConfigValue( 'CitizenHSTSIncludeSubdomains' ) ?? false;
|
|
|
|
$preload = $this->getConfigValue( 'CitizenHSTSPreload' ) ?? false;
|
2019-12-24 03:17:28 +00:00
|
|
|
|
|
|
|
// HSTS max age
|
2019-12-25 23:15:01 +00:00
|
|
|
if ( is_int( $maxAge ) ) {
|
|
|
|
$maxAge = max( $maxAge, 0 );
|
2019-12-24 03:17:28 +00:00
|
|
|
} else {
|
|
|
|
// Default to 5 mins if input is invalid
|
2019-12-25 23:15:01 +00:00
|
|
|
$maxAge = 300;
|
2019-12-24 03:17:28 +00:00
|
|
|
}
|
|
|
|
|
2019-12-25 23:15:01 +00:00
|
|
|
$hstsHeader = 'Strict-Transport-Security: max-age=' . $maxAge;
|
|
|
|
|
|
|
|
if ( $includeSubdomains ) {
|
|
|
|
$hstsHeader .= '; includeSubDomains';
|
|
|
|
}
|
|
|
|
|
|
|
|
if ( $preload ) {
|
|
|
|
$hstsHeader .= '; preload';
|
|
|
|
}
|
|
|
|
|
|
|
|
$this->out->getRequest()->response()->header( $hstsHeader );
|
2019-12-24 03:17:28 +00:00
|
|
|
}
|
2019-12-25 23:15:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Adds the X-Frame-Options header if set in 'CitizenEnableDenyXFrameOptions'
|
|
|
|
*/
|
|
|
|
private function addXFrameOptions() {
|
|
|
|
if ( $this->getConfigValue( 'CitizenEnableDenyXFrameOptions' ) === true ) {
|
|
|
|
$this->out->getRequest()->response()->header( 'X-Frame-Options: deny' );
|
2019-12-24 02:10:13 +00:00
|
|
|
}
|
2019-12-25 23:15:01 +00:00
|
|
|
}
|
|
|
|
|
2019-12-31 07:36:17 +00:00
|
|
|
/**
|
|
|
|
* Adds the X-XSS-Protection header if set in 'CitizenEnableXXSSProtection'
|
|
|
|
*/
|
|
|
|
private function addXXSSProtection() {
|
|
|
|
if ( $this->getConfigValue( 'CitizenEnableXXSSProtection' ) === true ) {
|
|
|
|
$this->out->getRequest()->response()->header( 'X-XSS-Protection: 1; mode=block' );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-01-10 00:33:26 +00:00
|
|
|
/**
|
|
|
|
* Adds the referrer header if enabled in 'CitizenEnableStrictReferrerPolicy'
|
|
|
|
*/
|
|
|
|
private function addStrictReferrerPolicy() {
|
|
|
|
if ( $this->getConfigValue( 'CitizenEnableStrictReferrerPolicy' ) === true ) {
|
2020-01-10 00:26:16 +00:00
|
|
|
// iOS Safari, IE, Edge compatiblity
|
2020-01-10 00:33:26 +00:00
|
|
|
$this->out->getRequest()->response()->header( 'Referrer-Policy: strict-origin' );
|
|
|
|
$this->out->getRequest()->response()->header( 'Referrer-Policy: strict-origin-when-cross-origin' );
|
|
|
|
}
|
2020-01-10 00:26:16 +00:00
|
|
|
}
|
|
|
|
|
2019-12-25 23:15:01 +00:00
|
|
|
/**
|
|
|
|
* Adds the Feature policy header to the response if enabled in 'CitizenFeaturePolicyDirective'
|
|
|
|
*/
|
|
|
|
private function addFeaturePolicy() {
|
|
|
|
if ( $this->getConfigValue( 'CitizenEnableFeaturePolicy' ) === true ) {
|
2019-12-24 05:40:30 +00:00
|
|
|
|
2019-12-25 23:15:01 +00:00
|
|
|
$featurePolicy = $this->getConfigValue( 'CitizenFeaturePolicyDirective' ) ?? '';
|
|
|
|
|
|
|
|
$this->out->getRequest()->response()->header( sprintf( 'Feature-Policy: %s',
|
|
|
|
$featurePolicy ) );
|
2019-12-24 05:40:30 +00:00
|
|
|
}
|
2019-12-25 23:15:01 +00:00
|
|
|
}
|
2019-08-15 17:40:13 +00:00
|
|
|
|
2019-12-30 22:41:33 +00:00
|
|
|
/**
|
|
|
|
* Returns the javascript entry modules to load. Only modules that need to
|
|
|
|
* be overriden or added conditionally should be placed here.
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
public function getDefaultModules() {
|
|
|
|
$modules = parent::getDefaultModules();
|
2020-01-06 19:28:08 +00:00
|
|
|
|
2019-12-30 22:41:33 +00:00
|
|
|
// disable default skin search modules
|
|
|
|
$modules['search'] = [];
|
|
|
|
|
|
|
|
return $modules;
|
|
|
|
}
|
|
|
|
|
2019-12-25 23:15:01 +00:00
|
|
|
/**
|
|
|
|
* Adds all needed skin modules
|
|
|
|
*/
|
|
|
|
private function addModules() {
|
|
|
|
$this->out->addModuleStyles( [
|
2019-08-15 17:40:13 +00:00
|
|
|
'mediawiki.skinning.content.externallinks',
|
2020-02-15 21:49:55 +00:00
|
|
|
'skins.citizen.styles',
|
2019-08-15 17:40:13 +00:00
|
|
|
'skins.citizen.icons',
|
|
|
|
'skins.citizen.icons.ca',
|
|
|
|
'skins.citizen.icons.p',
|
|
|
|
'skins.citizen.icons.toc',
|
|
|
|
'skins.citizen.icons.es',
|
|
|
|
'skins.citizen.icons.n',
|
|
|
|
'skins.citizen.icons.t',
|
|
|
|
'skins.citizen.icons.pt',
|
|
|
|
'skins.citizen.icons.footer',
|
2019-12-12 02:10:34 +00:00
|
|
|
'skins.citizen.icons.badges',
|
2019-12-25 23:15:01 +00:00
|
|
|
'skins.citizen.icons.search',
|
2019-08-15 17:40:13 +00:00
|
|
|
] );
|
2019-12-25 23:15:01 +00:00
|
|
|
|
|
|
|
$this->out->addModules( [
|
2020-02-15 21:49:55 +00:00
|
|
|
'skins.citizen.scripts',
|
|
|
|
'skins.citizen.search.scripts',
|
2019-08-15 17:40:13 +00:00
|
|
|
] );
|
|
|
|
}
|
|
|
|
}
|