Page MenuHomePhabricator
Create Task
Maniphest T147610

Add feature flag for block cookie behavior
Closed, ResolvedPublic2 Estimated Story Points
Actions

Description

We should put T5233 behind a config variable so that we can easily disable it if there are problems (and also so that we can merge the cookie code before the EventLogging code).

It should default to false/off.

Details

SubjectRepoBranchLines +/-
Send a cookie with autoblocks to prevent vandalism.mediawiki/coremaster+270 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

kaldari created this task.Oct 7 2016, 12:11 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 7 2016, 12:11 AM
kaldari added a parent task: T5233: Send a cookie with each block.Oct 7 2016, 12:12 AM
kaldari added projects: MediaWiki-User-management, MediaWiki-Core-AuthManager.
kaldari moved this task from New & TBD Tickets to Needs Discussion on the Community-Tech board.
Samwilson claimed this task.Oct 7 2016, 12:57 AM
Samwilson edited projects, added Community-Tech-Sprint; removed Community-Tech.
Samwilson subscribed.

Is $wgCookieSetForAutoblocks a good name? Seems good to have the 'cookie' word at the beginning, for easier autocomplete and being similar to existing variables.

Current cookie-related variables in DefaultSettings are as follows:

$wgCookieExpiration = 180 * 86400;
$wgExtendedLoginCookieExpiration = null;
$wgCookieDomain = '';
$wgCookiePath = '/';
$wgCookieSecure = 'detect';
$wgDisableCookieCheck = false;
$wgCookiePrefix = false;
$wgCookieHttpOnly = true;
$wgCacheVaryCookies = [];
Samwilson added a comment.Oct 7 2016, 1:03 AM

Oh and there's other related vars: https://www.mediawiki.org/wiki/Category:Cookies_variables

gerritbot subscribed.Oct 7 2016, 7:10 AM

Change 48029 had a related patch set uploaded (by Samwilson):
Send a cookie with autoblocks to prevent vandalism.

https://gerrit.wikimedia.org/r/48029

gerritbot added a project: Patch-For-Review.Oct 7 2016, 7:10 AM
MZMcBride subscribed.Oct 8 2016, 1:35 PM
DannyH set the point value for this task to 2.Oct 11 2016, 9:12 PM
DannyH moved this task from Ready to Q1 2018-19 on the Community-Tech-Sprint board.
DannyH moved this task from Q1 2018-19 to Needs Review/Feedback on the Community-Tech-Sprint board.
kaldari triaged this task as Medium priority.Oct 11 2016, 9:14 PM
kaldari moved this task from Needs Review/Feedback to In Development on the Community-Tech-Sprint board.Oct 17 2016, 5:00 PM
Samwilson moved this task from In Development to Needs Review/Feedback on the Community-Tech-Sprint board.Nov 16 2016, 6:00 AM
gerritbot added a comment.Nov 16 2016, 6:44 PM

Change 48029 merged by jenkins-bot:
Send a cookie with autoblocks to prevent vandalism.

https://gerrit.wikimedia.org/r/48029

ReleaseTaggerBot added projects: MW-1.29-release (WMF-deploy-2016-11-29_(1.29.0-wmf.4)), MW-1.29-release-notes.Nov 16 2016, 7:00 PM
kaldari closed this task as Resolved.Nov 16 2016, 7:15 PM
kaldari moved this task from Needs Review/Feedback to Q1 2018-19 on the Community-Tech-Sprint board.
Niharika edited projects, added Community-Tech; removed Community-Tech-Sprint.Nov 28 2016, 10:33 AM
Niharika moved this task from Needs Discussion to Archive on the Community-Tech board.Nov 28 2016, 11:02 AM
Bawolff subscribed.EditedDec 12 2016, 11:31 AM

I have some concerns about this, please don't enable cookie blocking on any real wikis at this time. (Primarily T152951. I also have mild concerns about T152952 but that's a rather minor issue)

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL