PleaseStand has uploaded a new change for review. https://gerrit.wikimedia.org/r/119919
Change subject: Remove $wgHttpOnlyBlacklist ...................................................................... Remove $wgHttpOnlyBlacklist This hack was added in r34083 / 6b16f4410897 to support IE for Mac. That browser is no longer supported, and no additional user-agent strings have been added in WMF configuration. Change-Id: Iffba121a9964e2ad387fad8827ddfd8dabcbd12e --- M RELEASE-NOTES-1.23 M includes/DefaultSettings.php M includes/GlobalFunctions.php M includes/WebResponse.php 4 files changed, 4 insertions(+), 37 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/19/119919/1 diff --git a/RELEASE-NOTES-1.23 b/RELEASE-NOTES-1.23 index 340aa50..9633edd 100644 --- a/RELEASE-NOTES-1.23 +++ b/RELEASE-NOTES-1.23 @@ -50,6 +50,7 @@ prepended to the start of this array. * $wgQueryPages has been removed. Query Pages should be added to by using the wgQueryPages hook. +* $wgHttpOnlyBlacklist has been removed. === New features in 1.23 === * ResourceLoader can utilize the Web Storage API to cache modules client-side. diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index c6ebb35..3c4ef50 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -4871,17 +4871,6 @@ $wgCookieHttpOnly = true; /** - * If the requesting browser matches a regex in this blacklist, we won't - * send it cookies with HttpOnly mode, even if $wgCookieHttpOnly is on. - */ -$wgHttpOnlyBlacklist = array( - // Internet Explorer for Mac; sometimes the cookies work, sometimes - // they don't. It's difficult to predict, as combinations of path - // and expiration options affect its parsing. - '/^Mozilla\/4\.0 \(compatible; MSIE \d+\.\d+; Mac_PowerPC\)/', -); - -/** * A list of cookies that vary the cache (for use by extensions) */ $wgCacheVaryCookies = array(); diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index a6f936f..61d1a70 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -3444,23 +3444,6 @@ } /** - * @return bool - */ -function wfHttpOnlySafe() { - global $wgHttpOnlyBlacklist; - - if ( isset( $_SERVER['HTTP_USER_AGENT'] ) ) { - foreach ( $wgHttpOnlyBlacklist as $regex ) { - if ( preg_match( $regex, $_SERVER['HTTP_USER_AGENT'] ) ) { - return false; - } - } - } - - return true; -} - -/** * Check if there is sufficient entropy in php's built-in session generation * @return bool true = there is sufficient entropy */ @@ -3532,7 +3515,6 @@ # hasn't already been set to the desired value (that causes errors) ini_set( 'session.save_handler', $wgSessionHandler ); } - $httpOnlySafe = wfHttpOnlySafe() && $wgCookieHttpOnly; wfDebugLog( 'cookie', 'session_set_cookie_params: "' . implode( '", "', array( @@ -3540,8 +3522,9 @@ $wgCookiePath, $wgCookieDomain, $wgCookieSecure, - $httpOnlySafe ) ) . '"' ); - session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $httpOnlySafe ); + $wgCookieHttpOnly ) ) . '"' ); + session_set_cookie_params( + 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly ); session_cache_limiter( 'private, must-revalidate' ); if ( $sessionId ) { session_id( $sessionId ); diff --git a/includes/WebResponse.php b/includes/WebResponse.php index ab7524c..a3dadd0 100644 --- a/includes/WebResponse.php +++ b/includes/WebResponse.php @@ -88,12 +88,6 @@ $expire = time() + $wgCookieExpiration; } - // Don't mark the cookie as httpOnly if the requesting user-agent is - // known to have trouble with httpOnly cookies. - if ( !wfHttpOnlySafe() ) { - $options['httpOnly'] = false; - } - $func = $options['raw'] ? 'setrawcookie' : 'setcookie'; if ( wfRunHooks( 'WebResponseSetCookie', array( &$name, &$value, &$expire, $options ) ) ) { -- To view, visit https://gerrit.wikimedia.org/r/119919 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Iffba121a9964e2ad387fad8827ddfd8dabcbd12e Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: PleaseStand <pleasest...@live.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits