This performs sanity check that request *is* for a non-write module.
By handling the validation, the CDN layer can simply use the presence
of this header to route POST requests to the local datacenter.
Without validation, users could cause strange traffic patterns and slow
cross-DC database writes (which can involve many RTTs).
This is useful for AJAX widgets that need to post a payload to get a
response, but that don't actually change anything in the process. They
should be able to use the local datacenter.
Bug: T91820
Change-Id: I34248ddee33033e3d1d86c3391236259d917d4a7
if ( isset( $_SERVER['REQUEST_METHOD'] ) && $_SERVER['REQUEST_METHOD'] === 'POST' ) {
ignore_user_abort( true );
}
+
+if ( !defined( 'MW_API' ) &&
+ RequestContext::getMain()->getRequest()->getHeader( 'Promise-Non-Write-API-Action' )
+) {
+ header( 'Cache-Control: no-cache' );
+ header( 'Content-Type: text/html; charset=utf-8' );
+ HttpStatus::header( 400 );
+ $error = wfMessage( 'nonwrite-api-promise-error' )->escaped();
+ $content = <<<EOT
+<!DOCTYPE html>
+<html>
+<head><meta charset="UTF-8" /></head>
+<body>
+$error
+</body>
+</html>
+
+EOT;
+ header( 'Content-Length: ' . strlen( $content ) );
+ echo $content;
+ die();
+}
if ( $module->isWriteMode() ) {
if ( !$this->mEnableWrite ) {
$this->dieUsageMsg( 'writedisabled' );
- }
- if ( !$user->isAllowed( 'writeapi' ) ) {
+ } elseif ( !$user->isAllowed( 'writeapi' ) ) {
$this->dieUsageMsg( 'writerequired' );
- }
- if ( wfReadOnly() ) {
+ } elseif ( wfReadOnly() ) {
$this->dieReadOnly();
}
+ if ( $this->getRequest()->getHeader( 'Promise-Non-Write-API-Action' ) ) {
+ $this->dieUsage(
+ "Promise-Non-Write-API-Action HTTP header cannot be sent to write API modules",
+ 'promised-nonwrite-api'
+ );
+ }
}
// Allow extensions to stop execution for arbitrary reasons.
"missingarticle-rev": "(revision#: $1)",
"missingarticle-diff": "(Diff: $1, $2)",
"readonly_lag": "The database has been automatically locked while the slave database servers catch up to the master",
+ "nonwrite-api-promise-error" : "The 'Promise-Non-Write-API-Action' HTTP header was sent but the request was to an API write module.",
"internalerror": "Internal error",
"internalerror_info": "Internal error: $1",
"internalerror-fatal-exception": "Fatal exception of type \"$1\"",
"missingarticle-rev": "Used as <code>$2</code> in {{msg-mw|Missing-article}}\n\nPreceded by the page title.\n\n[{{canonicalurl:Translating:Tasks|oldid=371789000}} Click here] to see an example of such an error message.\n\nParameters:\n* $1 - revision# of the requested ID",
"missingarticle-diff": "Used as <code>$2</code> in {{msg-mw|Missing-article}}\n\nPreceded by the page title.\n\n[{{canonicalurl:Translating:Tasks|diff=372398&oldid=371789000}} Click here] to see an example of such an error message.\n\nParameters:\n* $1 - the old revision ID\n* $2 - the revision ID to build the diff with",
"readonly_lag": "Error message displayed when the database is locked.",
+ "nonwrite-api-promise-error": "Error message displayed when the 'Promise-Non-Write-API-Action' HTTP header is misused.",
"internalerror": "{{Identical|Internal error}}",
"internalerror_info": "Parameters:\n* $1 - error message",
"internalerror-fatal-exception": "Error message displayed by MediaWiki itself when the request failed, inside an error box which also contains a code, a timestamp and a colon before this message.\nParameters:\n* $1 - proper name of the kind of error\n* $2 - alphanumeric code identifying the error in the server logs\n* $3 - URL which resulted in the error\n$2 and $3 are not used by default and only available for wiki customisations, because they are useful for communication to the wiki system administrator.",