jenkins-bot has submitted this change and it was merged.

Change subject: Make Special:HideBanners set a P3P header for IE
......................................................................


Make Special:HideBanners set a P3P header for IE

This patch adds the new global variable
$wgCentralNoticeHideBannersP3P for setting a site's P3P header.

If that variable is set to false, we will:
- Send an invalid header.
- Add a Special:HideBanners/P3P page with an explanation of
the invalid header.

This follows a similar practice in the CentralAuth extension.

Change-Id: I34c8937165dcbc425d546e7538300a988b99a4f8
---
M CentralNotice.php
M i18n/en.json
M i18n/qqq.json
M special/SpecialHideBanners.php
4 files changed, 44 insertions(+), 1 deletion(-)

Approvals:
  Awight: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/CentralNotice.php b/CentralNotice.php
index 769266c..d266eb3 100644
--- a/CentralNotice.php
+++ b/CentralNotice.php
@@ -155,6 +155,13 @@
  */
 $wgNoticeHideUrls = array();
 
+// A string to use in a P3P privacy policy header set by Special:HideBanners.
+// The header is needed to make IE keep third-party cookies in default privacy
+// mode. If this is set to false, a default invalid policy containing the URL 
of
+// Special:HideBanners/P3P will be used, and that subpage will contain a short
+// explanation.
+$wgCentralNoticeHideBannersP3P = false;
+
 // Server-side banner cache timeout in seconds
 $wgNoticeBannerMaxAge = 600;
 
diff --git a/i18n/en.json b/i18n/en.json
index 7fe9feb..2193a22 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -232,6 +232,8 @@
        "centralnotice-end-time": "End time (UTC)",
        "centralnotice-banner-not-found-title": "Banner not found",
        "centralnotice-banner-not-found-contents": "There is no banner with 
this exact name.",
+       "hidebanners": "Hide banners",
+       "centralnotice-specialhidebanners-p3p": "Some browsers require a P3P 
compact policy to set cookies in certain situations. However, no compact policy 
is currently available. Please see the site's human-readable privacy policy.",
        "apihelp-centralnoticeallocations-description": "Obtain the banner 
allocations for banners served by CentralNotice for all user types under the 
parametric filter.\n\nThis is a JSON only call.",
        "apihelp-centralnoticeallocations-param-project": "The project to 
obtain allocations under.",
        "apihelp-centralnoticeallocations-param-country": "The country to 
filter on.",
diff --git a/i18n/qqq.json b/i18n/qqq.json
index 75f2dba..98b1b92 100644
--- a/i18n/qqq.json
+++ b/i18n/qqq.json
@@ -255,6 +255,8 @@
        "centralnotice-end-time": "Used in Special:CentralNotice. UTC is 
\"[[w:Coordinated_Universal_Time|Coordinated Universal Time]]\"",
        "centralnotice-banner-not-found-title": "Page title and top header of 
Special:CentralNoticeBanners when the requested banner does not exist",
        "centralnotice-banner-not-found-contents": "Used as the body content of 
SpecialCentral:NoticeBanners when the requested banner does not exist",
+       "hidebanners": "Human-readable title of Special:HideBanners, used in 
Special:HideBanners/P3P",
+       "centralnotice-specialhidebanners-p3p": "Explanation of default invalid 
P3P header for Special:HideBanners/P3P.",
        "apihelp-centralnoticeallocations-description": 
"{{doc-apihelp-description|centralnoticeallocations}}",
        "apihelp-centralnoticeallocations-param-project": 
"{{doc-apihelp-param|centralnoticeallocations|project}}",
        "apihelp-centralnoticeallocations-param-country": 
"{{doc-apihelp-param|centralnoticeallocations|country}}",
diff --git a/special/SpecialHideBanners.php b/special/SpecialHideBanners.php
index 5bce154..3eb8d4c 100644
--- a/special/SpecialHideBanners.php
+++ b/special/SpecialHideBanners.php
@@ -8,19 +8,30 @@
 class SpecialHideBanners extends UnlistedSpecialPage {
        // Cache this blank response for a day or so (60 * 60 * 24 s.)
        const CACHE_EXPIRY = 86400;
+       const P3P_SUBPAGE = 'P3P';
 
        function __construct() {
                parent::__construct( 'HideBanners' );
        }
 
        function execute( $par ) {
-               global $wgNoticeCookieDurations;
+               global $wgNoticeCookieDurations, $wgCentralNoticeHideBannersP3P;
+
+               // Handle /P3P subpage with explanation of invalid P3P header
+               if ( ( strval( $par ) === SpecialHideBanners::P3P_SUBPAGE ) &&
+                       !$wgCentralNoticeHideBannersP3P ){
+
+                       $this->setHeaders();
+                       $this->getOutput()->addWikiMsg( 
'centralnotice-specialhidebanners-p3p' );
+                       return;
+               }
 
                $reason = $this->getRequest()->getText( 'reason', 'donate' );
                $duration = $this->getRequest()->getInt( 'duration', 
$wgNoticeCookieDurations[$reason] );
                $category = $this->getRequest()->getText( 'category', 
'fundraising' );
                $category = Banner::sanitizeRenderedCategory( $category );
                $this->setHideCookie( $category, $duration, $reason );
+               $this->setP3P();
 
                $this->getOutput()->disable();
                wfResetOutputBuffers();
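Review bot: The request-supplied `reason` is used directly as a key into `$wgNoticeCookieDurations` on the context line that computes `$duration`, and nothing checks that the key exists; the commit edits the `global` line just above but leaves that lookup as it was. An unrecognised `reason` would raise an undefined-index notice and pass null as the default to getInt(), and the cookie lifetime that results depends on setHideCookie(), whose body is not in this hunk. A guard before the lookup, such as `if ( !isset( $wgNoticeCookieDurations[$reason] ) ) { $reason = 'donate'; }`, would keep the default well-defined, assuming 'donate' is always configured. execute() continues past the end of this hunk.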
@@ -53,4 +64,25 @@
                }
                setcookie( "centralnotice_hide_{$category}", json_encode( 
$value ), $exp, '/', $cookieDomain, false, false );
        }
+
+       /**
+        * Set an invalid P3P policy header to make IE accept third-party hide 
cookies.
+        */
+       protected function setP3P() {
+               global $wgCentralNoticeHideBannersP3P;
+
+               if ( !$wgCentralNoticeHideBannersP3P ) {
+
+                       $url = SpecialPage::getTitleFor(
+                               'HideBanners', SpecialHideBanners::P3P_SUBPAGE )
+                               ->getCanonicalURL();
+
+                       $p3p = "CP=\"This is not a P3P policy! See $url for 
more info.\"";
+
+               } else {
+                       $p3p = $wgCentralNoticeHideBannersP3P;
+               }
+
+               header( "P3P: $p3p", true );
+       }
 }
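Review bot: The docblock on setP3P() says it sets an invalid policy, but the else branch sends `$wgCentralNoticeHideBannersP3P` verbatim as the header value. A configured policy therefore has to carry its own `CP="..."` wrapper, which neither this docblock nor the comment added in CentralNotice.php states. I would reword the docblock to `Send the P3P header: the configured policy string verbatim, or a placeholder CP value linking to Special:HideBanners/P3P when none is configured.` and add `// Sent verbatim after "P3P: ", so include the CP="..." wrapper.` above the variable in CentralNotice.php. In the visible lines the header value comes only from site configuration and a canonical title URL, so nothing request-controlled reaches header().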

-- 
To view, visit https://gerrit.wikimedia.org/r/178423
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I34c8937165dcbc425d546e7538300a988b99a4f8
Gerrit-PatchSet: 4
Gerrit-Project: mediawiki/extensions/CentralNotice
Gerrit-Branch: master
Gerrit-Owner: AndyRussG <[email protected]>
Gerrit-Reviewer: AndyRussG <[email protected]>
Gerrit-Reviewer: Awight <[email protected]>
Gerrit-Reviewer: Ejegg <[email protected]>
Gerrit-Reviewer: Katie Horn <[email protected]>
Gerrit-Reviewer: Mwalker <[email protected]>
Gerrit-Reviewer: Ssmith <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
