jenkins-bot has submitted this change and it was merged.
Change subject: Allow insecure external surveys
..
Allow insecure external surveys
I don't think that we should encourage sites to do this but it's been
suggested 3rd parties might want to use http.
I don't really care either way but have broken out this separate patch
in case we want to consider it (but in my opinion YAGNI)
Change-Id: I6ecb657782d21352519a99bb76494cf39e2211b5
---
M README.md
M extension.json
M includes/QuickSurveys.hooks.php
M resources/ext.quicksurveys.lib/lib.js
4 files changed, 7 insertions(+), 1 deletion(-)
Approvals:
Jhobs: Looks good to me, but someone else must approve
Bmansurov: Looks good to me, approved
jenkins-bot: Verified
diff --git a/README.md b/README.md
index 4bacff1..dcc7226 100644
--- a/README.md
+++ b/README.md
@@ -39,3 +39,5 @@
),
);
```
+You can enable insecure external surveys by enabling
`wgQuickSurveysRequireHttps` however this is discouraged.
+This will allow you to run a survey from an external website that runs only on
http.
diff --git a/extension.json b/extension.json
index d3b7eea..1ac2607 100644
--- a/extension.json
+++ b/extension.json
@@ -129,6 +129,7 @@
]
},
"config": {
+ "QuickSurveysRequireHttps": false,
"QuickSurveysConfig": [
{
"@name": "survey name",
diff --git a/includes/QuickSurveys.hooks.php b/includes/QuickSurveys.hooks.php
index b4fb2aa..f586a90 100644
--- a/includes/QuickSurveys.hooks.php
+++ b/includes/QuickSurveys.hooks.php
@@ -55,7 +55,10 @@
* @return boolean
*/
public static function onResourceLoaderGetConfigVars( &$vars ) {
+ global $wgQuickSurveysRequireHttps;
+
$surveys = self::getEnabledSurveys();
+ $vars['wgQuickSurveysRequireHttps'] =
$wgQuickSurveysRequireHttps;
$vars['wgEnabledQuickSurveys']= array_map( function ( Survey
$survey ) {
return $survey->toArray();
}, $surveys );
diff --git a/resources/ext.quicksurveys.lib/lib.js
b/resources/ext.quicksurveys.lib/lib.js
index 10184cf..71eac4f 100644
--- a/resources/ext.quicksurveys.lib/lib.js
+++ b/resources/ext.quicksurveys.lib/lib.js
@@ -47,7 +47,7 @@
*/
function isValidSurvey( survey ) {
if ( survey.type === 'external' ) {
- if ( survey.isInsecure ) {
+ if ( survey.isInsecure && mw.config.get(
'wgQuickSurveysRequireHttps' ) ) {
mw.log.warn( 'QuickSurvey with name ' +
survey.name + ' has insecure survey link and will not be shown.' );
return false;
}
--
To view, visit https://gerrit.wikimedia.org/r/246251
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I6ecb657782d21352519a99bb76494cf39e2211b5
Gerrit-PatchSet: 3
Gerrit-Project: mediawiki/extensions/QuickSurveys
Gerrit-Branch: dev
Gerrit-Owner: Jdlrobson
Gerrit-Reviewer: Alex Monk
Gerrit-Reviewer: Bmansurov
Gerrit-Reviewer: CSteipp
Gerrit-Reviewer: Jhobs
Gerrit-Reviewer: jenkins-bot <>
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits