Add client-side check for protocol mismatch
Summary: Fixes T10402. I tried about 50 variations on the wording and notification layout; this seemed by far the most reasonable. Didn't implement a way to ignore the warning, which might be required - but figured this is serious and broken enough while being completely invisible 99% of the time that it's worth shouting about. Test Plan: Messed around with $_SERVER['HTTPS'] on the server side and client_uri on the client side - saw reasonable results in all combinations. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: epriestley Maniphest Tasks: T10402 Differential Revision: https://secure.phabricator.com/D16064
This commit is contained in:
parent
814fa135b0
commit
f0eb6f4fe0
4 changed files with 71 additions and 1 deletions
|
@ -8,7 +8,7 @@
|
|||
return array(
|
||||
'names' => array(
|
||||
'core.pkg.css' => 'b9927580',
|
||||
'core.pkg.js' => '3f15fa62',
|
||||
'core.pkg.js' => '3f2c120d',
|
||||
'darkconsole.pkg.js' => 'e7393ebb',
|
||||
'differential.pkg.css' => 'f3fb8324',
|
||||
'differential.pkg.js' => '4b7d8f19',
|
||||
|
@ -507,6 +507,7 @@ return array(
|
|||
'rsrc/js/core/behavior-search-typeahead.js' => '06c32383',
|
||||
'rsrc/js/core/behavior-select-content.js' => 'bf5374ef',
|
||||
'rsrc/js/core/behavior-select-on-click.js' => '4e3e79a6',
|
||||
'rsrc/js/core/behavior-setup-check-https.js' => '491416b3',
|
||||
'rsrc/js/core/behavior-time-typeahead.js' => '522431f7',
|
||||
'rsrc/js/core/behavior-toggle-class.js' => '92b9ec77',
|
||||
'rsrc/js/core/behavior-tokenizer.js' => 'b3a4b884',
|
||||
|
@ -692,6 +693,7 @@ return array(
|
|||
'javelin-behavior-search-reorder-queries' => 'e9581f08',
|
||||
'javelin-behavior-select-content' => 'bf5374ef',
|
||||
'javelin-behavior-select-on-click' => '4e3e79a6',
|
||||
'javelin-behavior-setup-check-https' => '491416b3',
|
||||
'javelin-behavior-slowvote-embed' => '887ad43f',
|
||||
'javelin-behavior-stripe-payment-form' => '3f5d6dbf',
|
||||
'javelin-behavior-test-payment-form' => 'fc91ab6c',
|
||||
|
@ -1214,6 +1216,11 @@ return array(
|
|||
'phabricator-drag-and-drop-file-upload',
|
||||
'phabricator-textareautils',
|
||||
),
|
||||
'491416b3' => array(
|
||||
'javelin-behavior',
|
||||
'javelin-uri',
|
||||
'phabricator-notification',
|
||||
),
|
||||
'49b73b36' => array(
|
||||
'javelin-behavior',
|
||||
'javelin-dom',
|
||||
|
@ -2340,6 +2347,7 @@ return array(
|
|||
'javelin-behavior-durable-column',
|
||||
'conpherence-thread-manager',
|
||||
'javelin-behavior-detect-timezone',
|
||||
'javelin-behavior-setup-check-https',
|
||||
),
|
||||
'darkconsole.pkg.js' => array(
|
||||
'javelin-behavior-dark-console',
|
||||
|
|
|
@ -82,6 +82,7 @@ return array(
|
|||
'javelin-behavior-durable-column',
|
||||
'conpherence-thread-manager',
|
||||
'javelin-behavior-detect-timezone',
|
||||
'javelin-behavior-setup-check-https',
|
||||
),
|
||||
'core.pkg.css' => array(
|
||||
'phabricator-core-css',
|
||||
|
|
|
@ -239,6 +239,28 @@ final class PhabricatorStandardPageView extends PhabricatorBarePageView
|
|||
'ignoreKey' => $ignore_key,
|
||||
'ignore' => $ignore,
|
||||
));
|
||||
|
||||
if ($user->getIsAdmin()) {
|
||||
$server_https = $request->isHTTPS();
|
||||
$server_protocol = $server_https ? 'HTTPS' : 'HTTP';
|
||||
$client_protocol = $server_https ? 'HTTP' : 'HTTPS';
|
||||
|
||||
$doc_name = 'Configuring a Preamble Script';
|
||||
$doc_href = PhabricatorEnv::getDoclink($doc_name);
|
||||
|
||||
Javelin::initBehavior(
|
||||
'setup-check-https',
|
||||
array(
|
||||
'server_https' => $server_https,
|
||||
'doc_name' => pht('See Documentation'),
|
||||
'doc_href' => $doc_href,
|
||||
'message' => pht(
|
||||
'Phabricator thinks you are using %s, but your '.
|
||||
'client is conviced that it is using %s. This is a serious '.
|
||||
'misconfiguration with subtle, but significant, consequences.',
|
||||
$server_protocol, $client_protocol),
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
$default_img_uri =
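Review bot: The user-facing message built by `pht()` in the new admin-only block misspells "convinced" as "conviced", and because that string is also the translation key the typo will end up in every translation catalog; change the line to `'client is convinced that it is using %s. This is a serious '.`. The enclosing method starts and ends outside this hunk, so I cannot see where `$user` and `$request` are established; if `$user` can be a logged-out viewer at this point, `$user->getIsAdmin()` needs a null guard — please confirm against the surrounding code. A short why-comment above the `if` would also help the next reader, e.g. `// Only admins can act on a protocol mismatch, so only they get the warning.`.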
|
||||
|
|
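--- /dev/null
+++ b/webroot/rsrc/js/core/behavior-setup-check-https.js
@@ -0,0 +1,39 @@
+/**
+* @provides javelin-behavior-setup-check-https
+* @requires javelin-behavior
+* javelin-uri
+* phabricator-notification
+*/
+
+JX.behavior('setup-check-https', function(config) {
+
+var server_https = config.server_https;
+
+var client_uri = new JX.URI(window.location.href);
+var client_protocol = client_uri.getProtocol();
+var client_https = (client_protocol === 'https');
+
+if (server_https === client_https) {
+return;
+}
+
+var doc_link = JX.$N(
+'a',
+{
+href: config.doc_href,
+target: '_blank'
+},
+config.doc_name);
+
+var content = [
+config.message,
+' ',
+doc_link,
+];
+
+new JX.Notification()
+.alterClassName('jx-notification-alert', true)
+.setContent(content)
+.setDuration(0)
+.show();
+});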
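Review bot: The documentation link is created with `target: '_blank'` but no `rel` attribute, so the page it opens keeps a `window.opener` reference back to the Phabricator tab; add `rel: 'noopener noreferrer'` beside `target: '_blank'` in the `JX.$N('a', {...})` call (low risk here since `config.doc_href` is supplied by the server, but it costs nothing). The check `client_protocol === 'https'` depends on whether `JX.URI.getProtocol()` returns the scheme with or without the trailing colon, which this change does not show; `window.location.protocol === 'https:'` would make the comparison independent of the URI helper. The header block lists dependencies but not intent; a one-line description such as `Warn admins when the server's idea of HTTPS disagrees with the browser's (see the linked preamble documentation).` would make the behavior self-explanatory.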