Ema has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/355338 )
Change subject: varnish: Switch browsersec to use errorpage template
......................................................................
varnish: Switch browsersec to use errorpage template
Follows-up Id77d23a442ab9ba3.
Bug: T113114
Change-Id: I70dfabe043f1fc270c59b60e57d5bff20ceb3c84
---
M modules/role/manifests/cache/text.pp
A modules/varnish/templates/browsersec.body.html.erb
M modules/varnish/templates/browsersec.inc.vcl.erb
3 files changed, 16 insertions(+), 24 deletions(-)
Approvals:
Ema: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/role/manifests/cache/text.pp
b/modules/role/manifests/cache/text.pp
index 556176d..5283972 100644
--- a/modules/role/manifests/cache/text.pp
+++ b/modules/role/manifests/cache/text.pp
@@ -56,6 +56,17 @@
$text_storage_args = $::role::cache::base::file_storage_args
+ $errorpage = {
+ title => 'Browser Connection Security Issues',
+ pagetitle => "Your Browser's Connection Security is Outdated",
+ logo_link => 'https://www.wikimedia.org',
+ logo_src => 'https://www.wikimedia.org/static/images/wmf.png',
+ logo_srcset => 'https://www.wikimedia.org/static/images/wmf-2x.png 2x',
+ logo_alt => 'Wikimedia',
+ content => template('varnish/browsersec.body.html.erb'),
+ }
+ $error_browsersec_html = template('mediawiki/errorpage.html.erb')
+
role::cache::instances { 'text':
fe_jemalloc_conf => 'lg_dirty_mult:8,lg_chunk:16',
fe_runtime_params => $common_runtime_params,
diff --git a/modules/varnish/templates/browsersec.body.html.erb
b/modules/varnish/templates/browsersec.body.html.erb
new file mode 100644
index 0000000..30a8261
--- /dev/null
+++ b/modules/varnish/templates/browsersec.body.html.erb
@@ -0,0 +1,3 @@
+<p>Your browser is connecting to our servers with outdated connection
security. The most common causes of this are using Internet Explorer on
Windows XP (upgrade your operating system or use Firefox!), or interference
from corporate or personal "Web Security" software which actually downgrades
connection security.</p>
+<p>Less than 0.2% of our users fall into this insecure category. Currently,
we randomly send a small percentage of such requests to this warning page (you
can try again and still view content), but we'll be removing support for these
insecure connections completely in the future, which will block your access to
our sites if you haven't upgraded in time.</p>
+<p>Our <a
href="https://wikitech.wikimedia.org/wiki/HTTPS:_Browser_Recommendations";>HTTPS:
Browser Recommendations</a> page on wikitech has more-detailed information on
fixing this situation.</p>
diff --git a/modules/varnish/templates/browsersec.inc.vcl.erb
b/modules/varnish/templates/browsersec.inc.vcl.erb
index 0415a6b..7d29e83 100644
--- a/modules/varnish/templates/browsersec.inc.vcl.erb
+++ b/modules/varnish/templates/browsersec.inc.vcl.erb
@@ -1,26 +1,4 @@
sub browser_sec_synth {
-synthetic({"<!DOCTYPE html>
-<html lang=en>
-<meta charset=utf-8>
-<title>Browser Connection Security Issues</title>
-<style>
-* { margin: 0; padding: 0; }
-body { background: #fff; font: 15px/1.6 sans-serif; color: #333; }
-.content { margin: 7% auto 0; padding: 2em 1em 1em; max-width: 640px; }
-img { float: left; margin: 0 2em 2em 0; }
-a img { border: 0; }
-h1 { margin-top: 1em; font-size: 1.2em; }
-p { margin: 0.7em 0 1em 0; }
-a { color: #0645AD; text-decoration: none; }
-a:hover { text-decoration: underline; }
-</style>
-<div class="content" role="main">
-<a href="https://www.wikimedia.org";><img
src="https://www.wikimedia.org/static/images/wmf.png";
srcset="https://www.wikimedia.org/static/images/wmf-2x.png 2x" alt=Wikimedia
width=135 height=135></a>
-<h1>Your Browser's Connection Security is Outdated</h1>
-<p>Your browser is connecting to our servers with outdated connection
security. The most common causes of this are using Internet Explorer on
Windows XP (upgrade your operating system or use Firefox!), or interference
from corporate or personal "Web Security" software which actually downgrades
connection security.</p>
-<p>Less than 0.2% of our users fall into this insecure category. Currently,
we randomly send a small percentage of such requests to this warning page (you
can try again and still view content), but we'll be removing support for these
insecure connections completely in the future, which will block your access to
our sites if you haven't upgraded in time.</p>
-<p>Our <a
href="https://wikitech.wikimedia.org/wiki/HTTPS:_Browser_Recommendations";>HTTPS:
Browser Recommendations</a> page on wikitech has more-detailed information on
fixing this situation.</p>
-</div>
-</html>
-"});
+ set resp.http.Content-Type = "text/html; charset=utf-8";
+ synthetic({"<%= @error_browsersec_html %>"});
}
--
To view, visit https://gerrit.wikimedia.org/r/355338
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I70dfabe043f1fc270c59b60e57d5bff20ceb3c84
Gerrit-PatchSet: 14
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Krinkle <[email protected]>
Gerrit-Reviewer: BBlack <[email protected]>
Gerrit-Reviewer: Ema <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: Krinkle <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
![https://www.wikimedia.org/static/images/wmf.png"](https://www.wikimedia.org/static/images/wmf.png"){kind=link}