BBlack has uploaded a new change for review.
https://gerrit.wikimedia.org/r/130321
Change subject: Revert "Set domain to TLD on GeoIP cookie"
......................................................................
Revert "Set domain to TLD on GeoIP cookie"
Testing impact on current production issues.
This reverts commit 1c252fa8fc091dd78983c051341eb4e317259450.
Change-Id: Ie833b1130efdb6be5b3630097802b2e24bf49492
---
M templates/varnish/geoip.inc.vcl.erb
1 file changed, 6 insertions(+), 58 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/21/130321/1
diff --git a/templates/varnish/geoip.inc.vcl.erb
b/templates/varnish/geoip.inc.vcl.erb
index 3cbb2b2..b9e5d71 100644
--- a/templates/varnish/geoip.inc.vcl.erb
+++ b/templates/varnish/geoip.inc.vcl.erb
@@ -22,7 +22,6 @@
char * geo_get_xff_ip (const struct sess *sp);
char * geo_sanitize_for_cookie (char *string);
void geo_set_cache_control (const struct sess *sp);
- const char * geo_get_top_cookie_domain (const char *host);
void
geo_init() {
@@ -94,51 +93,6 @@
VRT_SetHdr(sp, HDR_OBJ, "\016Last-Modified:", now,
vrt_magic_string_end);
VRT_SetHdr(sp, HDR_OBJ, "\016Cache-Control:", "private,
max-age=86400, s-maxage=0", vrt_magic_string_end);
}
-
-
- /*
- * Extract the topmost part of the domain name for which a cookie may
be set.
- * This consists of the public suffix (e.g., 'org') plus one more level.
- *
- * In Wikimedia's case, this is always the top two parts of the name
(for example,
- * 'wikipedia.org' for 'en.m.wikipedia.org'. But we handle other common
cases correctly too,
- * like 'news.bbc.co.uk' (which may set cookies for bbc.co.uk, but not
the entire co.uk public
- * suffix), by assuming that if either of the top two levels is less
than three characters
- * long, then the public suffix contains two parts. A fully
comprehensive and correct solution
- * would require checking against a public suffix database like
<https://publicsuffix.org/>.
- */
- const char *
- geo_get_top_cookie_domain(const char *host) {
- const char *last, *second_last, *third_last, *pos,
*top_cookie_domain;
-
- if (host == NULL) {
- return NULL;
- }
-
- last = second_last = third_last = host;
- for (pos = host; *pos != '\0'; pos++) {
- if (*pos == '.') {
- third_last = second_last;
- second_last = last;
- last = pos;
- }
- }
-
- /* If either the second- or top-level domain is less than three
characters long, */
- /* assume that the domain uses a two-part public suffix (like
'.co.uk') and include */
- /* one additional level in the result.
*/
- if ((pos - last) <= 3 || (last - second_last) <= 3) {
- top_cookie_domain = third_last;
- } else {
- top_cookie_domain = second_last;
- }
-
- if (*top_cookie_domain == '.') {
- top_cookie_domain++;
- }
-
- return top_cookie_domain;
- }
}C
sub geoip_lookup {
@@ -187,8 +141,7 @@
const char *cookie_out = NULL;
char cookie_buf[255];
- const char *host = VRT_GetHdr(sp, HDR_REQ, "\005host:");
- const char *ip = geo_get_xff_ip(sp);
+ char *ip = geo_get_xff_ip(sp);
int af = geo_get_addr_family(ip);
if (af == -1) {
ip = VRT_IP_string(sp, VRT_r_client_ip(sp));
@@ -198,26 +151,21 @@
geo_init();
record = GeoIP_record_by_addr(gi, ip);
- int snp_len;
if (record) {
/* Set-Cookie:
GeoIP=US:San_Francisco:37.7749:-122.4194:v4; path=/ */
- snp_len = snprintf(cookie_buf, sizeof(cookie_buf),
"GeoIP=%s:%s:%.4f:%.4f:%s; Path=/; Domain=.%s",
+ int snp_len = snprintf(cookie_buf, sizeof(cookie_buf),
"GeoIP=%s:%s:%.4f:%.4f:%s; path=/",
record->country_code ?
geo_sanitize_for_cookie(record->country_code) : "",
record->city ?
geo_sanitize_for_cookie(record->city) : "",
record->latitude,
record->longitude,
- (af == AF_INET6) ? "v6" : "v4",
- geo_get_top_cookie_domain(host)
+ (af == AF_INET6) ? "v6" : "v4"
);
+ if (snp_len < sizeof(cookie_buf)) /* don't use
truncated output */
+ cookie_out = cookie_buf;
GeoIPRecord_delete(record);
} else {
- snp_len = snprintf(cookie_buf, sizeof(cookie_buf),
"GeoIP=::::%s; Path=/; Domain=.%s",
- (af == AF_INET6) ? "v6" : "v4",
- geo_get_top_cookie_domain(host)
- );
+ cookie_out = (af == AF_INET6) ? "GeoIP=::::v6; path=/"
: "GeoIP=::::v4; path=/";
}
- if (snp_len < sizeof(cookie_buf)) /* don't use truncated output
*/
- cookie_out = cookie_buf;
if (cookie_out) {
/* Use libvmod-header to ensure the Set-Cookie header
we are adding does not
--
To view, visit https://gerrit.wikimedia.org/r/130321
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie833b1130efdb6be5b3630097802b2e24bf49492
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
