Seb35 has uploaded a new change for review. https://gerrit.wikimedia.org/r/160665
Change subject: Version 1.1 ...................................................................... Version 1.1 - Added availability for a true BetaFeature deployment - When not a BetaFeature, enforce an HTTPS connection to change the preference (not possible to enforce this type of condition with BetaFeature.) - Use static functions - Added 3 messages (2 for the BetaFeature, 1 to enforce the HTTPS connection) Change-Id: I970e0b5ffc063a6e9fb0b9452f1721b3ccb23e06 --- M HSTS.php M i18n/en.json M i18n/fr.json 3 files changed, 60 insertions(+), 9 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/HSTS refs/changes/65/160665/1
diff --git a/HSTS.php b/HSTS.php
index 7c2df35..be97f72 100644
--- a/HSTS.php
+++ b/HSTS.php
@@ -65,13 +65,20 @@
 */
 $wgDefaultUserOptions['hsts'] = 0;
+/**
+ * Enable HSTS as a Beta Feature (see BetaFeatures extension)
+ * If true, the beta feature will have precedence over the
+ * user preference, which will no more be visible.
+ */
+$wgHSTSBetaFeature = false;
+
 /** REGISTRATION */
 $wgExtensionCredits['other'][] = array(
 'path' => __FILE__,
 'name' => 'HSTS',
 'author' => 'Seb35',
- 'version' => '1.0.0',
+ 'version' => '1.1.0',
 'url' => 'https://www.mediawiki.org/wiki/Extension:HSTS',
 'descriptionmsg' => 'hsts-desc',
 );
@@ -81,7 +88,8 @@
 $wgMessagesDirs['HSTS'] = __DIR__ . '/i18n';
 $wgExtensionMessagesFiles['HSTS'] = __DIR__ . '/HSTS.i18n.php';
-$wgHooks['GetPreferences'][] = 'HSTSExtension::preference';
+$wgHooks['GetPreferences'][] = 'HSTSExtension::getPreferences';
+$wgHooks['GetBetaFeaturePreferences'][] = 'HSTSExtension::getBetaFeaturePreferences';
 $wgHooks['BeforePageDisplay'][] = 'HSTSExtension::addHeader';
@@ -95,9 +103,12 @@
 * @var array $preferences Description of the preferences
 * @return true
 */
- function preference( $user, &$preferences ) {
+ static function getPreferences( $user, &$preferences ) {
- global $wgHSTSForUsers;
+ global $wgHSTSBetaFeature, $wgHSTSForUsers;
+
+ // If HSTS is activated as a Beta Feature, do not add it here
+ if( AutoLoader::loadClass( 'BetaFeatures' ) && $wgHSTSBetaFeature ) return true;
 // If HSTS is mandatory, do not display the choice
 if( $wgHSTSForUsers ) return true;
@@ -109,6 +120,40 @@
 'section' => 'personal/info'
 );
+ // Enable this preference only if we are on HTTPS
+ if( $user->getRequest()->detectProtocol() !== 'https' ) {
+
+ $preferences['hsts']['label-message'] = 'hsts-https-tog';
+ $preferences['hsts']['disabled'] = true;
+ }
+
+ return true;
+ }
+
+ /**
+ * Add the HSTS beta feature
+ *
+ * @var User $user Current user
+ * @var array $preferences Description of the Beta Features
+ * @return true
+ *
+ * @todo Add a screenshot (a padlock?)
+ */
+ static function getBetaFeaturePreferences( $user, &$preferences ) {
+
+ global $wgHSTSBetaFeature;
+
+ // If HSTS is activated as a Beta Feature, do not add it here
+ if( !$wgHSTSBetaFeature ) return true;
+
+ $preferences['hsts'] = array(
+ 'label-message' => 'hsts-beta-feature-message',
+ 'desc-message' => 'hsts-beta-feature-description',
+ 'info-link' => 'https://www.mediawiki.org/wiki/Extension:HSTS',
+ 'discussion-link' => 'https://www.mediawiki.org/wiki/Extension_talk:HSTS',
+ 'requirements' => array( 'betafeatures' => array( 'prefershttps' ) )
+ );
+
 return true;
 }
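Review bot: In getPreferences the new guard calls `AutoLoader::loadClass( 'BetaFeatures' )` before it looks at `$wgHSTSBetaFeature`, so the class lookup runs on every preferences build even when beta-feature mode is switched off. Testing the flag first and using the plain presence check, `if( $wgHSTSBetaFeature && class_exists( 'BetaFeatures' ) ) return true;`, gives the same outcome and does not tie the extension to a method of the autoloader class. The docblock above the function tags its parameters with `@var`; `@param` is the tag documentation tools read for arguments. The function body continues past the end of this hunk.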
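Review bot: The HTTPS gate added to getPreferences only sets `disabled` and swaps the label on the field definition while the form is being built over HTTP; nothing in this hunk rejects a write to the `hsts` option, so whether every save path honours that flag depends on code outside the diff and should be confirmed. In getBetaFeaturePreferences the comment above `if( !$wgHSTSBetaFeature ) return true;` was copied from getPreferences and states the opposite of what the line does; `// If HSTS is not deployed as a Beta Feature, do not register it` matches the check. The `requirements` entry lists `prefershttps` under `betafeatures`, which looks like a user preference rather than a beta feature name, so that dependency is worth verifying against the BetaFeatures extension. The start of getPreferences lies outside this hunk.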
@@ -118,12 +163,12 @@
 * @var Output $output Output object
 * @return true
 */
- function addHeader( $output ) {
+ static function addHeader( $output ) {
 global $wgHSTSForAnons, $wgHSTSForUsers, $wgHSTSIncludeSubdomains, $wgHSTSMaxAge;
 // Check if the user will get STS header
- if( $output->getRequest()->detectProtocol() != 'https' ) return true;
+ if( $output->getRequest()->detectProtocol() !== 'https' ) return true;
 if( $output->getUser()->isAnon() && !$wgHSTSForAnons ) return true;
 if( $output->getUser()->isLoggedIn() && !$wgHSTSForUsers && !$output->getUser()->getOption('hsts') ) return true;
diff --git a/i18n/en.json b/i18n/en.json
index 553735a..3d20350 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -5,5 +5,8 @@
 ]
 },
 "hsts-desc": "HSTS (HTTP Strict Transport Security) on a per-user basis",
- "hsts-tog": "Enable HTTP Strict Transport Security (HSTS)"
-}
\ No newline at end of file
+ "hsts-tog": "Enable HTTP Strict Transport Security (HSTS)",
+ "hsts-https-tog": "Enable HTTP Strict Transport Security (HSTS)<br />Reload this page with HTTPS to change this preference.",
+ "hsts-beta-feature-message": "Always use a secure connection",
+ "hsts-beta-feature-description": "This reinforces your security on this website by keeping you secure even after you log out, and assures nobody can spy you during your browsing. With this option activated and a recent browser supporting this technology (HSTS), any security alert is very probably a true attack against you."
+}
diff --git a/i18n/fr.json b/i18n/fr.json
index 5cf5228..7148149 100644
--- a/i18n/fr.json
+++ b/i18n/fr.json
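Review bot: The early returns in addHeader send no header at all for a logged-in user whose `hsts` option is off, so a browser that already stored the policy keeps enforcing it until the previously sent max-age runs out. If switching the preference off is meant to take effect at once, that branch would need to answer an HTTPS request with `Strict-Transport-Security: max-age=0` instead of returning silently. Only the top of addHeader is visible in this hunk, and nothing shown here emits such a clearing header.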
@@ -5,5 +5,8 @@
 ]
 },
 "hsts-desc": "HSTS (HTTP Strict Transport Security) configurable par utilisateur",
- "hsts-tog": "Activer HTTP Strict Transport Security (HSTS)"
+ "hsts-tog": "Activer HTTP Strict Transport Security (HSTS)",
+ "hsts-https-tog": "Activer HTTP Strict Transport Security (HSTS)<br />Rechargez cette page avec HTTPS pour changer cette préférence",
+ "hsts-beta-feature-message": "Toujours utiliser une connexion sécurisée",
+ "hsts-beta-feature-description": "Ceci renforce votre sécurité sur ce site web en gardant une connexion sécurisée même après que vous vous soyez déconnecté et vous assure que personne ne peut vous espionner pendant votre navigation. Lorsque cette option est activée et que vous utilisez un navigateur récent avec cette technologie (HSTS), toute alerte de sécurité est très probablement une vraie attaque contre vous."
 }
-- To view, visit https://gerrit.wikimedia.org/r/160665 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I970e0b5ffc063a6e9fb0b9452f1721b3ccb23e06 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/HSTS Gerrit-Branch: master Gerrit-Owner: Seb35 <seb35wikipe...@gmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits