Page MenuHomePhabricator

Add feature flag for block cookie behavior
Closed, ResolvedPublic2 Estimated Story Points


We should put T5233 behind a config variable so that we can easily disable it if there are problems (and also so that we can merge the cookie code before the EventLogging code).

It should default to false/off.

Event Timeline

kaldari created this task.Oct 7 2016, 12:11 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 7 2016, 12:11 AM
Samwilson edited projects, added Community-Tech-Sprint; removed Community-Tech.
Samwilson added a subscriber: Samwilson.

Is $wgCookieSetForAutoblocks a good name? Seems good to have the 'cookie' word at the beginning, for easier autocomplete and being similar to existing variables.

Current cookie-related variables in DefaultSettings are as follows:

$wgCookieExpiration = 180 * 86400;
$wgExtendedLoginCookieExpiration = null;
$wgCookieDomain = '';
$wgCookiePath = '/';
$wgCookieSecure = 'detect';
$wgDisableCookieCheck = false;
$wgCookiePrefix = false;
$wgCookieHttpOnly = true;
$wgCacheVaryCookies = [];

Change 48029 had a related patch set uploaded (by Samwilson):
Send a cookie with autoblocks to prevent vandalism.

DannyH set the point value for this task to 2.Oct 11 2016, 9:12 PM
DannyH moved this task from Ready to Q1 2018-19 on the Community-Tech-Sprint board.
DannyH moved this task from Q1 2018-19 to Needs Review/Feedback on the Community-Tech-Sprint board.
kaldari triaged this task as Medium priority.Oct 11 2016, 9:14 PM

Change 48029 merged by jenkins-bot:
Send a cookie with autoblocks to prevent vandalism.

kaldari closed this task as Resolved.Nov 16 2016, 7:15 PM
kaldari moved this task from Needs Review/Feedback to Q1 2018-19 on the Community-Tech-Sprint board.
Bawolff added a subscriber: Bawolff.EditedDec 12 2016, 11:31 AM

I have some concerns about this, please don't enable cookie blocking on any real wikis at this time. (Primarily T152951. I also have mild concerns about T152952 but that's a rather minor issue)