Page MenuHomePhabricator

StopMobileRedirectCookie is rejected on some domains
Closed, ResolvedPublic

Description

When MFStopRedirectCookieHost config variable is not set MobileContext will try to find the base domain by itself.
MobileContext::getBaseDomain() will pick up only last two domain parts. Browsers will reject this cookie when last parts are public suffix. for example:

  • wmflabs.org
  • co.uk
  • com.pl

There are 2 solutions :

  • find a better way to calculate base domain
  • use the default domain, which is set automatically by WebResponse::setCookie()

Event Timeline

pmiazga created this task.Nov 15 2016, 4:31 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 15 2016, 4:31 PM
phuedx updated the task description. (Show Details)Nov 15 2016, 6:08 PM
ovasileva triaged this task as High priority.Nov 16 2016, 5:48 PM
ovasileva moved this task from Incoming to 2016-17 Q2 on the Readers-Web-Backlog board.

Change 321796 had a related patch set uploaded (by Pmiazga):
Fix MobileContenxt::getBaseDomain() method

https://gerrit.wikimedia.org/r/321796

Change 321796 merged by jenkins-bot:
Fix MobileContext::getBaseDomain() method

https://gerrit.wikimedia.org/r/321796

phuedx closed this task as Resolved.Nov 21 2016, 5:16 PM
phuedx added a subscriber: phuedx.

This will be tested and signed off as part of T148975.

phuedx claimed this task.Nov 21 2016, 5:16 PM