
0001-SECURITY-Re-introduce-HTTPS-support-detection.patch

Authored By
ori
Mar 2 2015, 9:16 PM
Size
5 KB
Referenced Files
None
Subscribers
None

0001-SECURITY-Re-introduce-HTTPS-support-detection.patch

From 9e67e9519f057adbc9b26a7216c6e14d43508d1e Mon Sep 17 00:00:00 2001
From: Ori Livneh <ori@wikimedia.org>
Date: Mon, 2 Mar 2015 12:39:23 -0800
Subject: [PATCH] [SECURITY] Re-introduce HTTPS support detection
T88361
Change-Id: I992514bd468f797430a753ddf18393d8d6b0b985
---
WikimediaEvents.php | 13 ++++-
WikimediaEventsHooks.php | 3 +-
modules/ext.wikimediaEvents.httpsSupport.js | 86 +++++++++++++++++++++++++++++
3 files changed, 100 insertions(+), 2 deletions(-)
create mode 100644 modules/ext.wikimediaEvents.httpsSupport.js
diff --git a/WikimediaEvents.php b/WikimediaEvents.php
index 89e6f0bb1a..6da22f10d1 100644
--- a/WikimediaEvents.php
+++ b/WikimediaEvents.php
@@ -28,6 +28,9 @@ $wgExtensionCredits['other'][] = array(
// Configuration
+/** @var int|bool: Logs once per this many requests. */
+$wgHttpsFeatureDetectionSamplingFactor = 1000;
+
/**
* @var bool|string: Full URI or false if not set.
* Data is logged to this end point as key-value pairs in the query
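Review bot: The doc comment on `$wgHttpsFeatureDetectionSamplingFactor` declares `int|bool` but never says what the boolean means or how to switch the probe off. The client code added later in this patch returns `false` from `inSample()` when the value is non-numeric or below 1, so the comment could read `/** @var int|bool: Logs once per this many requests; false (or any value below 1) disables HTTPS feature detection. */`. Stating the off switch here matters because the value is exported to every page view.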
@@ -66,11 +69,19 @@ $wgResourceModules += array(
'revision' => 11319708,
),
'ext.wikimediaEvents.deprecate' => array(
- 'scripts' => 'ext.wikimediaEvents.deprecate.js',
+ 'scripts' => array(
+ 'ext.wikimediaEvents.deprecate.js',
+ 'ext.wikimediaEvents.httpsSupport.js',
+ ),
'localBasePath' => __DIR__ . '/modules',
'remoteExtPath' => 'WikimediaEvents/modules',
'targets' => array( 'desktop', 'mobile' ),
),
+ 'schema.HttpsSupport' => array(
+ 'class' => 'ResourceLoaderSchemaModule',
+ 'schema' => 'HttpsSupport',
+ 'revision' => 11437897,
+ ),
'ext.wikimediaEvents.statsd' => array(
'scripts' => 'ext.wikimediaEvents.statsd.js',
'localBasePath' => __DIR__ . '/modules',
diff --git a/WikimediaEventsHooks.php b/WikimediaEventsHooks.php
index fcd03ca565..5d02356049 100644
--- a/WikimediaEventsHooks.php
+++ b/WikimediaEventsHooks.php
@@ -320,7 +320,8 @@ class WikimediaEventsHooks {
}
public static function onResourceLoaderGetConfigVars( &$vars ) {
- global $wgWMEStatsdBaseUri;
+ global $wgWMEStatsdBaseUri, $wgHttpsFeatureDetectionSamplingFactor;
+ $vars['wgHttpsFeatureDetectionSamplingFactor'] = $wgHttpsFeatureDetectionSamplingFactor;
$vars['wgWMEStatsdBaseUri'] = $wgWMEStatsdBaseUri;
}
diff --git a/modules/ext.wikimediaEvents.httpsSupport.js b/modules/ext.wikimediaEvents.httpsSupport.js
new file mode 100644
index 0000000000..d73927abbc
--- /dev/null
+++ b/modules/ext.wikimediaEvents.httpsSupport.js
@@ -0,0 +1,86 @@
+/*global Geo */
+/**
+ * JavaScript module for HTTPS feature detection.
+ * Detects HTTPS support by firing two requests for the same resource
+ * using HTTP for one and HTTPS by other and logs results.
+ *
+ * @licence GNU GPL v2 or later
+ * @author Ori Livneh <ori@wikimedia.org>
+ */
+( function ( mw, $ ) {
+ 'use strict';
+
+ var pixelSrc = '//performance.wikimedia.org/blank.gif';
+
+ function inSample() {
+ var factor = mw.config.get( 'wgHttpsFeatureDetectionSamplingFactor' );
+ if ( !$.isNumeric( factor ) || factor < 1 ) {
+ return false;
+ }
+ return Math.floor( Math.random() * factor ) === 0;
+ }
+
+ // Return a deferred object that is resolved after `ms` milliseconds.
+ function sleep( ms ) {
+ var defer = $.Deferred();
+ setTimeout( function () {
+ defer.resolve();
+ }, ms );
+ return defer;
+ }
+
+ function pingProtocol( proto, timeout ) {
+ var $beacon = $( '<img />' ),
+ defer = $.Deferred();
+
+ $beacon.on( 'load error abort timeout', defer.resolveWith );
+ setTimeout( function () {
+ $beacon.trigger( $.Event( 'timeout' ) );
+ }, timeout || 5000 );
+ $beacon.attr( 'src', proto + ':' + pixelSrc + '?' + new Date() );
+
+ return defer.then( function () {
+ var status = {}, ok = this.type === 'load' && $beacon.prop( 'width' ) === 1;
+ status[proto + 'Status'] = ok ? 'success' : this.type;
+ return status;
+ } );
+ }
+
+
+ // Log only if user is using HTTP and is included in the random sample.
+ if ( window.location.protocol !== 'https:' && inSample() ) {
+ mw.loader.using( 'schema.HttpsSupport', function () {
+ var protocols = [ 'http', 'https' ];
+
+ // Flip the order of tests 50% of the time.
+ if ( Math.floor( Math.random() * 2 ) ) {
+ protocols.reverse();
+ }
+
+ $.when(
+ pingProtocol( protocols.pop() ),
+ pingProtocol( protocols.pop() ),
+ sleep( 6000 )
+ ).done( function ( firstStatus, secondStatus ) {
+ var event = $.extend( {
+ isAnon : mw.config.get( 'wgUserId' ) === null,
+ userAgent : navigator.userAgent
+ }, firstStatus, secondStatus );
+
+ if ( mw.mobileFrontend && mw.config.exists( 'wgMFMode' ) ) {
+ event.mobileMode = mw.config.get( 'wgMFMode' );
+ }
+ if ( $.isPlainObject( window.Geo ) ) {
+ if ( typeof Geo.country === 'string' && Geo.country.length ) {
+ event.originCountry = Geo.country;
+ }
+ if ( typeof Geo.city === 'string' && Geo.city.length ) {
+ event.originCity = Geo.city;
+ }
+ }
+ mw.eventLog.logEvent( 'HttpsSupport', event );
+ } );
+ } );
+ }
+
+} ( mediaWiki, jQuery ) );
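Review bot: The cache-buster in `pingProtocol` is `'?' + new Date()`, which stringifies to a human-readable date containing spaces and has only one-second resolution, so a pixel answered from a browser or intermediary cache can be recorded as `success` without the protocol actually being exercised on this network. A numeric per-request value is safer: `$beacon.attr( 'src', proto + ':' + pixelSrc + '?' + $.now() + '-' + Math.random() );`. Separately, `$beacon.on( 'load error abort timeout', defer.resolveWith )` works only because jQuery hands the event to the handler as its first argument, which `resolveWith` takes as the context later read as `this.type`; a comment such as `// resolveWith( event ) makes the event the callbacks' context, so this.type below is the event type` would make that explicit. The plain-HTTP probe can be altered by anything on the network path, so the logged statuses are best documented as measurement data only, not as a per-client signal to act on.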
--
2.3.1
