Support private wikis by forwarding Cookie: headers to Parsoid

If configured to do so, the VE API will forward the Cookie: header to
Parsoid. This allows VisualEditor to be used on read-restricted wikis.

Bug: 44483
Change-Id: If4a0cf1e5785b332ec9b014b783412805cf8af75
Roan Kattouw 2013-10-22 02:24:27 +02:00
parent 211727a2fd
commit 6eabc783c3
2 changed files with 32 additions and 3 deletions


@ -12,7 +12,7 @@ class ApiVisualEditor extends ApiBase {
protected function getHTML( $title, $parserParams ) {
global $wgVisualEditorParsoidURL, $wgVisualEditorParsoidPrefix,
$wgVisualEditorParsoidTimeout;
$wgVisualEditorParsoidTimeout, $wgVisualEditorParsoidForwardCookies;
$restoring = false;
@ -45,6 +45,10 @@ class ApiVisualEditor extends ApiBase {
'timeout' => $wgVisualEditorParsoidTimeout
)
);
// Forward cookies, but only if configured to do so and if there are read restrictions
if ( $wgVisualEditorParsoidForwardCookies && !User::isEveryoneAllowed( 'read' ) ) {
$req->setHeader( 'Cookie', $this->getRequest()->getHeader( 'Cookie' ) );
}
$status = $req->execute();
if ( $status->isOK() ) {
@ -97,14 +101,15 @@ class ApiVisualEditor extends ApiBase {
protected function postHTML( $title, $html, $parserParams ) {
global $wgVisualEditorParsoidURL, $wgVisualEditorParsoidPrefix,
$wgVisualEditorParsoidTimeout;
$wgVisualEditorParsoidTimeout, $wgVisualEditorParsoidForwardCookies;
if ( $parserParams['oldid'] === 0 ) {
$parserParams['oldid'] = '';
}
return Http::post(
$req = MWHttpRequest::factory(
$wgVisualEditorParsoidURL . '/' . $wgVisualEditorParsoidPrefix .
'/' . urlencode( $title->getPrefixedDBkey() ),
array(
'method' => 'POST',
'postData' => array(
'content' => $html,
'oldid' => $parserParams['oldid']
@ -112,6 +117,17 @@ class ApiVisualEditor extends ApiBase {
'timeout' => $wgVisualEditorParsoidTimeout
)
);
// Forward cookies, but only if configured to do so and if there are read restrictions
if ( $wgVisualEditorParsoidForwardCookies && !User::isEveryoneAllowed( 'read' ) ) {
$req->setHeader( 'Cookie', $this->getRequest()->getHeader( 'Cookie' ) );
}
$status = $req->execute();
if ( !$status->isOK() ) {
// TODO proper error handling, merge with getHTML above
return false;
}
// TODO pass through X-Parsoid-Performance header, merge with getHTML above
return $req->getContent();
}
protected function parseWikitext( $title ) {
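Review bot: The two added blocks, in getHTML and again in postHTML, hand the client's entire Cookie header to Parsoid without checking that a header was sent or where `$wgVisualEditorParsoidURL` points. As far as I recall WebRequest::getHeader() returns false for an absent header (worth confirming), so a request without cookies would set a non-string Cookie value; guard it with `$cookie = $this->getRequest()->getHeader( 'Cookie' );` followed by `if ( $cookie !== false && $cookie !== '' ) { $req->setHeader( 'Cookie', $cookie ); }`. Because these are session credentials, I would also skip forwarding, with a logged warning, when the Parsoid URL is plain http to a non-loopback host, rather than relying on the configuration comment alone. Moving the condition into one private helper would keep the two call sites from drifting; both method bodies extend beyond the visible hunks.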


@ -877,6 +877,19 @@ $wgVisualEditorParsoidURL = 'http://localhost:8000';
// Parsoid will be called as $url/$prefix/$pagename
$wgVisualEditorParsoidPrefix = 'localhost';
// Forward users' Cookie: headers to Parsoid. Required for private wikis (login required to read).
// If the wiki is not private (i.e. $wgGroupPermissions['*']['read'] is true) this configuration
// variable will be ignored.
//
// This feature requires a non-locking session store. The default session store will not work and
// will cause deadlocks when trying to use this feature. If you experience deadlock issues, enable
// $wgSessionsInObjectCache.
//
// WARNING: ONLY enable this on private wikis and ONLY IF you understand the SECURITY IMPLICATIONS
// of sending Cookie headers to Parsoid over HTTP. For security reasons, it is strongly recommended
// that $wgVisualEditorParsoidURL be pointed to localhost if this setting is enabled.
$wgVisualEditorParsoidForwardCookies = false;
// Timeout for HTTP requests to Parsoid in seconds
$wgVisualEditorParsoidTimeout = 100;
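Review bot: The WARNING above `$wgVisualEditorParsoidForwardCookies` asks administrators to understand the security implications but does not say what they are. I would add a line such as `// The forwarded header contains the user's session cookies: whoever can read the traffic to Parsoid, or Parsoid's request logs, can act as that user.` It would also help to state that the entire Cookie header is sent, not only the wiki's session cookie, since that is what the API code in this commit does. Keeping the default at false is the right choice.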