
Detect un-cookieable domain configuration and explode

Summary:
Chrome/Chromium won't set cookies on these domains, at least under
Ubuntu. See T754. Detect brokenness and explode.

Test Plan:
Logged into phabricator as "http://derps/" (failed) and
"http://derps.com/" (worked) in Chromium. Set config to "http://derps/" (config
exploded) and "http://local.aphront.com/" (config OK).

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, btrahan

Maniphest Tasks: T754

Differential Revision: https://secure.phabricator.com/D1355
epriestley 2012-01-10 16:42:00 -08:00
parent 840eb46d03
commit af37b637f5
2 changed files with 41 additions and 5 deletions


@ -1,7 +1,7 @@
<?php <?php
/* /*
* Copyright 2011 Facebook, Inc. * Copyright 2012 Facebook, Inc.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -250,7 +250,8 @@ class PhabricatorSetup {
return; return;
} else { } else {
$host = PhabricatorEnv::getEnvConfig('phabricator.base-uri'); $host = PhabricatorEnv::getEnvConfig('phabricator.base-uri');
$protocol = id(new PhutilURI($host))->getProtocol(); $host_uri = new PhutilURI($host);
$protocol = $host_uri->getProtocol();
$allowed_protocols = array( $allowed_protocols = array(
'http' => true, 'http' => true,
'https' => true, 'https' => true,
@ -264,7 +265,7 @@ class PhabricatorSetup {
return; return;
} }
if (preg_match('/.*\/$/', $host)) { if (preg_match('/.*\/$/', $host)) {
self::write(" okay phabricator.base-uri\n"); self::write(" okay phabricator.base-uri protocol\n");
} else { } else {
self::writeFailure(); self::writeFailure();
self::write( self::write(
@ -275,6 +276,19 @@ class PhabricatorSetup {
"options.\n"); "options.\n");
return; return;
} }
$host_domain = $host_uri->getDomain();
if (strpos($host_domain, '.') !== false) {
self::write(" okay phabricator.base-uri domain\n");
} else {
self::writeFailure();
self::write(
"You must host Phabricator on a domain that contains a dot ('.'). ".
"The current domain, '{$host_domain}', does not have a dot, so some ".
"browsers will not set cookies on it. For instance, ".
"'http://example.com/ is OK, but 'http://example/' won't work.");
return;
}
} }
$timezone = nonempty( $timezone = nonempty(
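Review bot: The failure text added in the new domain check has an unbalanced quote and no trailing newline: `'http://example.com/ is OK` is missing its closing `'`, and the message ends at `won't work.");` while the preceding failure message in this method ends with `"options.\n"`. I would write the last line as `"'http://example.com/' is OK, but 'http://example/' won't work.\n");`. Separately, `strpos($host_domain, '.') !== false` also accepts values such as `example.` or a lone `.`, which presumably run into the same cookie problem; if that matters, the test could require a non-empty label on each side of the dot. The enclosing method starts and ends outside the hunk.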


@ -1,7 +1,7 @@
<?php <?php
/* /*
* Copyright 2011 Facebook, Inc. * Copyright 2012 Facebook, Inc.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -98,6 +98,7 @@ if (PhabricatorEnv::getEnvConfig('phabricator.setup')) {
return; return;
} }
phabricator_detect_bad_base_uri();
$host = $_SERVER['HTTP_HOST']; $host = $_SERVER['HTTP_HOST'];
$path = $_REQUEST['__path__']; $path = $_REQUEST['__path__'];
@ -213,7 +214,28 @@ function setup_aphront_basics() {
function phabricator_fatal_config_error($msg) { function phabricator_fatal_config_error($msg) {
phabricator_fatal("CONFIG ERROR: ".$msg."\n"); phabricator_fatal("CONFIG ERROR: ".$msg."\n");
die(); }
function phabricator_detect_bad_base_uri() {
$conf = PhabricatorEnv::getEnvConfig('phabricator.base-uri');
$uri = new PhutilURI($conf);
switch ($uri->getProtocol()) {
case 'http':
case 'https':
break;
default:
phabricator_fatal_config_error(
"'phabricator.base-uri' is set to '{$conf}', which is invalid. ".
"The URI must start with 'http://' or 'https://'.");
}
if (strpos($uri->getDomain(), '.') === false) {
phabricator_fatal_config_error(
"'phabricator.base-uri' is set to '{$conf}', which is invalid. The URI ".
"must contain a dot ('.'), like 'http://example.com/', not just ".
"'http://example/'. Some web browsers will not set cookies on domains ".
"with no TLD, and Phabricator requires cookies for login.");
}
} }
function phabricator_detect_insane_memory_limit() { function phabricator_detect_insane_memory_limit() {
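Review bot: With `die();` apparently dropped from `phabricator_fatal_config_error()`, the new `phabricator_detect_bad_base_uri()` depends entirely on `phabricator_fatal()` terminating the request, and that function's body is not visible in this hunk. If it ever returns, the `default:` branch falls out of the switch into the domain check and the request then proceeds with a base URI that was just judged invalid; because login cookies depend on this setting, the check should fail closed. Either keep `die();` after the `phabricator_fatal(...)` call, or document the contract there with a comment such as `// phabricator_fatal() never returns.` The same protocol and dot checks now also live in PhabricatorSetup with different wording, so a shared helper would keep the two from drifting apart.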