BBlack has uploaded a new change for review. https://gerrit.wikimedia.org/r/130321
Change subject: Revert "Set domain to TLD on GeoIP cookie" ...................................................................... Revert "Set domain to TLD on GeoIP cookie" Testing impact on current production issues. This reverts commit 1c252fa8fc091dd78983c051341eb4e317259450. Change-Id: Ie833b1130efdb6be5b3630097802b2e24bf49492 --- M templates/varnish/geoip.inc.vcl.erb 1 file changed, 6 insertions(+), 58 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/21/130321/1 diff --git a/templates/varnish/geoip.inc.vcl.erb b/templates/varnish/geoip.inc.vcl.erb index 3cbb2b2..b9e5d71 100644 --- a/templates/varnish/geoip.inc.vcl.erb +++ b/templates/varnish/geoip.inc.vcl.erb @@ -22,7 +22,6 @@ char * geo_get_xff_ip (const struct sess *sp); char * geo_sanitize_for_cookie (char *string); void geo_set_cache_control (const struct sess *sp); - const char * geo_get_top_cookie_domain (const char *host); void geo_init() { @@ -94,51 +93,6 @@ VRT_SetHdr(sp, HDR_OBJ, "\016Last-Modified:", now, vrt_magic_string_end); VRT_SetHdr(sp, HDR_OBJ, "\016Cache-Control:", "private, max-age=86400, s-maxage=0", vrt_magic_string_end); } - - - /* - * Extract the topmost part of the domain name for which a cookie may be set. - * This consists of the public suffix (e.g., 'org') plus one more level. - * - * In Wikimedia's case, this is always the top two parts of the name (for example, - * 'wikipedia.org' for 'en.m.wikipedia.org'. But we handle other common cases correctly too, - * like 'news.bbc.co.uk' (which may set cookies for bbc.co.uk, but not the entire co.uk public - * suffix), by assuming that if either of the top two levels is less than three characters - * long, then the public suffix contains two parts. A fully comprehensive and correct solution - * would require checking against a public suffix database like <https://publicsuffix.org/>. - */ - const char * - geo_get_top_cookie_domain(const char *host) { - const char *last, *second_last, *third_last, *pos, *top_cookie_domain; - - if (host == NULL) { - return NULL; - } - - last = second_last = third_last = host; - for (pos = host; *pos != '\0'; pos++) { - if (*pos == '.') { - third_last = second_last; - second_last = last; - last = pos; - } - } - - /* If either the second- or top-level domain is less than three characters long, */ - /* assume that the domain uses a two-part public suffix (like '.co.uk') and include */ - /* one additional level in the result. */ - if ((pos - last) <= 3 || (last - second_last) <= 3) { - top_cookie_domain = third_last; - } else { - top_cookie_domain = second_last; - } - - if (*top_cookie_domain == '.') { - top_cookie_domain++; - } - - return top_cookie_domain; - } }C sub geoip_lookup { @@ -187,8 +141,7 @@ const char *cookie_out = NULL; char cookie_buf[255]; - const char *host = VRT_GetHdr(sp, HDR_REQ, "\005host:"); - const char *ip = geo_get_xff_ip(sp); + char *ip = geo_get_xff_ip(sp); int af = geo_get_addr_family(ip); if (af == -1) { ip = VRT_IP_string(sp, VRT_r_client_ip(sp)); @@ -198,26 +151,21 @@ geo_init(); record = GeoIP_record_by_addr(gi, ip); - int snp_len; if (record) { /* Set-Cookie: GeoIP=US:San_Francisco:37.7749:-122.4194:v4; path=/ */ - snp_len = snprintf(cookie_buf, sizeof(cookie_buf), "GeoIP=%s:%s:%.4f:%.4f:%s; Path=/; Domain=.%s", + int snp_len = snprintf(cookie_buf, sizeof(cookie_buf), "GeoIP=%s:%s:%.4f:%.4f:%s; path=/", record->country_code ? geo_sanitize_for_cookie(record->country_code) : "", record->city ? geo_sanitize_for_cookie(record->city) : "", record->latitude, record->longitude, - (af == AF_INET6) ? "v6" : "v4", - geo_get_top_cookie_domain(host) + (af == AF_INET6) ? "v6" : "v4" ); + if (snp_len < sizeof(cookie_buf)) /* don't use truncated output */ + cookie_out = cookie_buf; GeoIPRecord_delete(record); } else { - snp_len = snprintf(cookie_buf, sizeof(cookie_buf), "GeoIP=::::%s; Path=/; Domain=.%s", - (af == AF_INET6) ? "v6" : "v4", - geo_get_top_cookie_domain(host) - ); + cookie_out = (af == AF_INET6) ? "GeoIP=::::v6; path=/" : "GeoIP=::::v4; path=/"; } - if (snp_len < sizeof(cookie_buf)) /* don't use truncated output */ - cookie_out = cookie_buf; if (cookie_out) { /* Use libvmod-header to ensure the Set-Cookie header we are adding does not -- To view, visit https://gerrit.wikimedia.org/r/130321 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie833b1130efdb6be5b3630097802b2e24bf49492 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: BBlack <bbl...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits