require_once "$IP/includes/AutoLoader.php";
}
+// Install a header callback to prevent caching of responses with cookies (T127993)
+if ( !$wgCommandLineMode ) {
+ header_register_callback( function () {
+ $headers = [];
+ foreach ( headers_list() as $header ) {
+ list( $name, $value ) = explode( ':', $header, 2 );
+ $headers[strtolower( trim( $name ) )][] = trim( $value );
+ }
+
+ if ( isset( $headers['set-cookie'] ) ) {
+ $cacheControl = isset( $headers['cache-control'] )
+ ? implode( ', ', $headers['cache-control'] )
+ : '';
+
+ if ( !preg_match( '/(?:^|,)\s*(?:private|no-cache|no-store)\s*(?:$|,)/i', $cacheControl ) ) {
+ header( 'Expires: Thu, 01 Jan 1970 00:00:00 GMT' );
+ header( 'Cache-Control: private, max-age=0, s-maxage=0' );
+ MediaWiki\Logger\LoggerFactory::getInstance( 'cache-cookies' )->warning(
+ 'Cookies set on {url} with Cache-Control "{cache-control}"', [
+ 'url' => WebRequest::getGlobalRequestURL(),
+ 'cookies' => $headers['set-cookie'],
+ 'cache-control' => $cacheControl ?: '<not set>',
+ ]
+ );
+ }
+ }
+ } );
+}
+
MWExceptionHandler::installHandler();
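Review bot: The warning's context entry `'cookies' => $headers['set-cookie']` writes the full Set-Cookie header lines to the `cache-cookies` log channel, so the value of any session or token cookie issued on that response ends up readable by anyone with access to the logs. The cookie names are enough to find which code path set a cookie on a cacheable response; consider `'cookies' => array_map( function ( $c ) { return explode( '=', $c, 2 )[0]; }, $headers['set-cookie'] ),` or redacting the value part some other way. Separately, `list( $name, $value ) = explode( ':', $header, 2 );` assumes every entry from `headers_list()` contains a colon. A guard such as `if ( strpos( $header, ':' ) === false ) { continue; }` before it would avoid an undefined-offset notice being raised from inside the header callback.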
require_once "$IP/includes/compat/normal/UtfNormalUtil.php";
}
/**
- * Return the path and query string portion of the request URI.
+ * Return the path and query string portion of the main request URI.
* This will be suitable for use as a relative link in HTML output.
*
* @throws MWException
* @return string
*/
- public function getRequestURL() {
+ public static function getGlobalRequestURL() {
if ( isset( $_SERVER['REQUEST_URI'] ) && strlen( $_SERVER['REQUEST_URI'] ) ) {
$base = $_SERVER['REQUEST_URI'];
} elseif ( isset( $_SERVER['HTTP_X_ORIGINAL_URL'] )
}
}
+ /**
+ * Return the path and query string portion of the request URI.
+ * This will be suitable for use as a relative link in HTML output.
+ *
+ * @throws MWException
+ * @return string
+ */
+ public function getRequestURL() {
+ return self::getGlobalRequestURL();
+ }
+
/**
* Return the request URI with the canonical service and hostname, path,
* and query string. This will be suitable for use as an absolute link