Add Vary: X-Forwarded-Proto for https redirects

From mark's comments on https://gerrit.wikimedia.org/r/#/c/86268/, we
should be setting Vary: X-Forwarded-Proto when the response varies on
the protocol, which is the case for redirects from http->https.

Change-Id: Ie6dc9da4e804199b99e3a7abbea7775a181801a0

diff --git a/includes/Wiki.php b/includes/Wiki.php
index 0683d7c..b3bcf33 100644 (file)
--- a/includes/Wiki.php
+++ b/includes/Wiki.php
@@ -539,6 +539,8 @@ class MediaWiki {
                        $title = Title::newFromText( NS_MAIN, 'REDIR' );
                        $this->context->setTitle( $title );
                        $output = $this->context->getOutput();
+                       // Since we only do this redir to change proto, always send a vary header
+                       $output->addVaryHeader( 'X-Forwarded-Proto' );
                        $output->redirect( $redirUrl );
                        $output->output();
                        wfProfileOut( __METHOD__ );

diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index a68efc4..9429f10 100644 (file)
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -178,6 +178,8 @@ class LoginForm extends SpecialPage {
                        if ( $wgSecureLogin && wfCanIPUseHTTPS( $this->getRequest()->getIP() ) ) {
                                $url = wfAppendQuery( $url, 'fromhttp=1' );
                                $this->getOutput()->redirect( $url );
+                               // Since we only do this redir to change proto, always vary
+                               $this->getOutput()->addVaryHeader( 'X-Forwarded-Proto' );
                                return;
                        } else {
                                // A wiki without HTTPS login support should set $wgServer to