
Add client-side check for protocol mismatch

Summary:
Fixes T10402.
I tried about 50 variations on the wording and notification layout; this seemed by far the most reasonable.
Didn't implement a way to ignore the warning, which might be required - but figured this is serious and broken enough while being completely invisible 99% of the time that it's worth shouting about.

Test Plan: Messed around with $_SERVER['HTTPS'] on the server side and client_uri on the client side - saw reasonable results in all combinations.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Maniphest Tasks: T10402

Differential Revision: https://secure.phabricator.com/D16064
Asher Baker 2016-06-06 22:01:18 +00:00
parent 814fa135b0
commit f0eb6f4fe0
4 changed files with 71 additions and 1 deletions


@ -8,7 +8,7 @@
return array(
'names' => array(
'core.pkg.css' => 'b9927580',
'core.pkg.js' => '3f15fa62',
'core.pkg.js' => '3f2c120d',
'darkconsole.pkg.js' => 'e7393ebb',
'differential.pkg.css' => 'f3fb8324',
'differential.pkg.js' => '4b7d8f19',
@ -507,6 +507,7 @@ return array(
'rsrc/js/core/behavior-search-typeahead.js' => '06c32383',
'rsrc/js/core/behavior-select-content.js' => 'bf5374ef',
'rsrc/js/core/behavior-select-on-click.js' => '4e3e79a6',
'rsrc/js/core/behavior-setup-check-https.js' => '491416b3',
'rsrc/js/core/behavior-time-typeahead.js' => '522431f7',
'rsrc/js/core/behavior-toggle-class.js' => '92b9ec77',
'rsrc/js/core/behavior-tokenizer.js' => 'b3a4b884',
@ -692,6 +693,7 @@ return array(
'javelin-behavior-search-reorder-queries' => 'e9581f08',
'javelin-behavior-select-content' => 'bf5374ef',
'javelin-behavior-select-on-click' => '4e3e79a6',
'javelin-behavior-setup-check-https' => '491416b3',
'javelin-behavior-slowvote-embed' => '887ad43f',
'javelin-behavior-stripe-payment-form' => '3f5d6dbf',
'javelin-behavior-test-payment-form' => 'fc91ab6c',
@ -1214,6 +1216,11 @@ return array(
'phabricator-drag-and-drop-file-upload',
'phabricator-textareautils',
),
'491416b3' => array(
'javelin-behavior',
'javelin-uri',
'phabricator-notification',
),
'49b73b36' => array(
'javelin-behavior',
'javelin-dom',
@ -2340,6 +2347,7 @@ return array(
'javelin-behavior-durable-column',
'conpherence-thread-manager',
'javelin-behavior-detect-timezone',
'javelin-behavior-setup-check-https',
),
'darkconsole.pkg.js' => array(
'javelin-behavior-dark-console',


@ -82,6 +82,7 @@ return array(
'javelin-behavior-durable-column',
'conpherence-thread-manager',
'javelin-behavior-detect-timezone',
'javelin-behavior-setup-check-https',
),
'core.pkg.css' => array(
'phabricator-core-css',


@ -239,6 +239,28 @@ final class PhabricatorStandardPageView extends PhabricatorBarePageView
'ignoreKey' => $ignore_key,
'ignore' => $ignore,
));
if ($user->getIsAdmin()) {
$server_https = $request->isHTTPS();
$server_protocol = $server_https ? 'HTTPS' : 'HTTP';
$client_protocol = $server_https ? 'HTTP' : 'HTTPS';
$doc_name = 'Configuring a Preamble Script';
$doc_href = PhabricatorEnv::getDoclink($doc_name);
Javelin::initBehavior(
'setup-check-https',
array(
'server_https' => $server_https,
'doc_name' => pht('See Documentation'),
'doc_href' => $doc_href,
'message' => pht(
'Phabricator thinks you are using %s, but your '.
'client is conviced that it is using %s. This is a serious '.
'misconfiguration with subtle, but significant, consequences.',
$server_protocol, $client_protocol),
));
}
}
$default_img_uri =
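Review bot: The user-facing string on the `'client is conviced that it is using %s. This is a serious '.` line misspells "convinced", and because it passes through `pht()` the typo also becomes the translation key, so it should be fixed before it ships: `'client is convinced that it is using %s. This is a serious '.`. Note also that `$client_protocol` is computed on the server as the opposite of `$server_protocol` rather than observed from the browser, which is only correct because the `setup-check-https` behavior returns early when the two agree; a comment such as `// The client-side behavior only shows this message on mismatch, so the browser's scheme is necessarily the opposite of the server's.` above that line would keep a later edit from breaking the coupling. The enclosing method begins before this hunk, so whether `$user` is guaranteed non-null at the `$user->getIsAdmin()` check cannot be confirmed from here.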


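--- /dev/null
+++ b/webroot/rsrc/js/core/behavior-setup-check-https.js
+/**
+* @provides javelin-behavior-setup-check-https
+* @requires javelin-behavior
+* javelin-uri
+* phabricator-notification
+*/
+JX.behavior('setup-check-https', function(config) {
+var server_https = config.server_https;
+var client_uri = new JX.URI(window.location.href);
+var client_protocol = client_uri.getProtocol();
+var client_https = (client_protocol === 'https');
+if (server_https === client_https) {
+return;
+}
+var doc_link = JX.$N(
+'a',
+{
+href: config.doc_href,
+target: '_blank'
+},
+config.doc_name);
+var content = [
+config.message,
+' ',
+doc_link,
+];
+new JX.Notification()
+.alterClassName('jx-notification-alert', true)
+.setContent(content)
+.setDuration(0)
+.show();
+});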
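Review bot: The anchor built by the `JX.$N('a', …)` call opens the documentation with `target: '_blank'` and no `rel` attribute, so the opened page gets a `window.opener` handle back to the admin's Phabricator tab; the destination comes from `PhabricatorEnv::getDoclink` and is trusted today, but adding `rel: 'noopener noreferrer'` beside `target` costs nothing and keeps the alert safe if the documentation base is ever pointed elsewhere. The comparison `client_protocol === 'https'` also assumes `JX.URI.getProtocol()` returns the bare scheme with no trailing colon, which is not visible in this change and deserves a one-line comment. A short header comment would help a later reader, e.g. `// Compare the scheme the browser actually loaded the page with against what the server believes; they typically diverge when a TLS-terminating proxy is not configured to tell Phabricator about HTTPS.`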