From 6eabc783c341d47c4e32b60b25c7e1ba38cf534d Mon Sep 17 00:00:00 2001
From: Roan Kattouw
Date: Tue, 22 Oct 2013 02:24:27 +0200
Subject: [PATCH] Support private wikis by forwarding Cookie: headers to Parsoid

If configured to do so, the VE API will forward the Cookie: header to Parsoid. This allows VisualEditor to be used on read-restricted wikis.

Bug: 44483
Change-Id: If4a0cf1e5785b332ec9b014b783412805cf8af75
---
 ApiVisualEditor.php | 22 +++++++++++++++++++---
 VisualEditor.php | 13 +++++++++++++
 2 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/ApiVisualEditor.php b/ApiVisualEditor.php
index 33079c98c0..729988bee8 100644
--- a/ApiVisualEditor.php
+++ b/ApiVisualEditor.php
@@ -12,7 +12,7 @@ class ApiVisualEditor extends ApiBase {
 protected function getHTML( $title, $parserParams ) {
 global $wgVisualEditorParsoidURL, $wgVisualEditorParsoidPrefix,
- $wgVisualEditorParsoidTimeout;
+ $wgVisualEditorParsoidTimeout, $wgVisualEditorParsoidForwardCookies;
 $restoring = false;
@@ -45,6 +45,10 @@ class ApiVisualEditor extends ApiBase {
 'timeout' => $wgVisualEditorParsoidTimeout
 )
 );
+ // Forward cookies, but only if configured to do so and if there are read restrictions
+ if ( $wgVisualEditorParsoidForwardCookies && !User::isEveryoneAllowed( 'read' ) ) {
+ $req->setHeader( 'Cookie', $this->getRequest()->getHeader( 'Cookie' ) );
+ }
 $status = $req->execute();
 if ( $status->isOK() ) {
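Review bot: The block added to getHTML() in the `@@ -45,6 +45,10 @@` hunk copies the browser's whole `Cookie` header onto the Parsoid request, and nothing in the code checks where `$wgVisualEditorParsoidURL` points; the only safeguard is the warning comment in VisualEditor.php. Every cookie the browser sent for this domain, not only this wiki's session cookies, therefore leaves the wiki process, and does so in cleartext whenever the URL is `http://` and not loopback. Consider forwarding only when the target is HTTPS or localhost (or at least logging a warning otherwise), and guard the absent-header case, since `WebRequest::getHeader()` appears to return `false` when no cookie was sent: `$cookie = $this->getRequest()->getHeader( 'Cookie' );` followed by `if ( $cookie !== false ) { $req->setHeader( 'Cookie', $cookie ); }`. The same block is repeated in postHTML() in the `@@ -112,6 +117,17 @@` hunk, so a small private helper would keep both call sites in step. getHTML()'s body starts and ends outside this hunk.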
@@ -97,14 +101,15 @@ class ApiVisualEditor extends ApiBase {
 protected function postHTML( $title, $html, $parserParams ) {
 global $wgVisualEditorParsoidURL, $wgVisualEditorParsoidPrefix,
- $wgVisualEditorParsoidTimeout;
+ $wgVisualEditorParsoidTimeout, $wgVisualEditorParsoidForwardCookies;
 if ( $parserParams['oldid'] === 0 ) {
 $parserParams['oldid'] = '';
 }
- return Http::post(
+ $req = MWHttpRequest::factory(
 $wgVisualEditorParsoidURL . '/' . $wgVisualEditorParsoidPrefix . '/' . urlencode( $title->getPrefixedDBkey() ),
 array(
+ 'method' => 'POST',
 'postData' => array(
 'content' => $html,
 'oldid' => $parserParams['oldid']
@@ -112,6 +117,17 @@ class ApiVisualEditor extends ApiBase {
 'timeout' => $wgVisualEditorParsoidTimeout
 )
 );
+ // Forward cookies, but only if configured to do so and if there are read restrictions
+ if ( $wgVisualEditorParsoidForwardCookies && !User::isEveryoneAllowed( 'read' ) ) {
+ $req->setHeader( 'Cookie', $this->getRequest()->getHeader( 'Cookie' ) );
+ }
+ $status = $req->execute();
+ if ( !$status->isOK() ) {
+ // TODO proper error handling, merge with getHTML above
+ return false;
+ }
+ // TODO pass through X-Parsoid-Performance header, merge with getHTML above
+ return $req->getContent();
 }
 protected function parseWikitext( $title ) {
diff --git a/VisualEditor.php b/VisualEditor.php
index 5bf1cd2d7f..b3ed4458dc 100644
--- a/VisualEditor.php
+++ b/VisualEditor.php
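Review bot: In postHTML() (ApiVisualEditor.php, hunk `@@ -112,6 +117,17 @@`) the new failure branch returns `false` and discards `$status`, so a Parsoid response that rejects the forwarded cookies is indistinguishable from a timeout and leaves no trace. Until the TODO is resolved, a log line before the `return false;` would make authentication failures on private wikis diagnosable, for example `wfDebugLog( 'VisualEditor', 'Parsoid POST failed: ' . $status->getWikiText() );` (the log group name here is illustrative). Whatever is logged should come from `$status` only and never include the request headers, since they now carry the user's session cookie. The opening lines of postHTML() are in the preceding hunk.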
@@ -877,6 +877,19 @@ $wgVisualEditorParsoidURL = 'http://localhost:8000';
 // Parsoid will be called as $url/$prefix/$pagename
 $wgVisualEditorParsoidPrefix = 'localhost';
+// Forward users' Cookie: headers to Parsoid. Required for private wikis (login required to read).
+// If the wiki is not private (i.e. $wgGroupPermissions['*']['read'] is true) this configuration
+// variable will be ignored.
+//
+// This feature requires a non-locking session store. The default session store will not work and
+// will cause deadlocks when trying to use this feature. If you experience deadlock issues, enable
+// $wgSessionsInObjectCache.
+//
+// WARNING: ONLY enable this on private wikis and ONLY IF you understand the SECURITY IMPLICATIONS
+// of sending Cookie headers to Parsoid over HTTP. For security reasons, it is strongly recommended
+// that $wgVisualEditorParsoidURL be pointed to localhost if this setting is enabled.
+$wgVisualEditorParsoidForwardCookies = false;
+
 // Timeout for HTTP requests to Parsoid in seconds
 $wgVisualEditorParsoidTimeout = 100;
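Review bot: The WARNING paragraph above `$wgVisualEditorParsoidForwardCookies` asks administrators to understand the security implications but never says what they are. I would state them in the comment itself, e.g. `// The forwarded header contains the user's session cookies: anyone who can read traffic to the Parsoid endpoint, or who operates it, can act as that user.` It is also worth saying that the default `$wgVisualEditorParsoidURL` shown just above is plain HTTP, so a Parsoid instance that is not on localhost needs HTTPS or another protected channel before this setting is turned on.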