From b1549598760c389b2a08d5b15f0b23f5d706f92e Mon Sep 17 00:00:00 2001 From: Roan Kattouw Date: Fri, 19 Aug 2011 14:41:35 +0000 Subject: [PATCH] Make $wgVaryOnXFPForAPI apply to RSS/Atom feeds too, because they too use PROT_CURRENT. Make PROT_CURRENT usage explicit there too --- includes/DefaultSettings.php | 6 +++--- includes/Feed.php | 7 +++++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 4ca6b43835..9bf4cf70c6 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -1753,9 +1753,9 @@ $wgUseESI = false; $wgUseXVO = false; /** Add X-Forwarded-Proto to the Vary and X-Vary-Options headers for API - * requests. Use this if you have an SSL termination setup and want to split - * the cache between HTTP and HTTPS for API requests. This does not affect - * 'regular' requests. + * requests and RSS/Atom feeds. Use this if you have an SSL termination setup + * and need to split the cache between HTTP and HTTPS for API and feed requests + * in order to prevent cache pollution. This does not affect 'normal' requests. */ $wgVaryOnXFPForAPI = false; diff --git a/includes/Feed.php b/includes/Feed.php index 528b5f5306..6f49931718 100644 --- a/includes/Feed.php +++ b/includes/Feed.php @@ -239,12 +239,15 @@ class ChannelFeed extends FeedItem { * but can also be called separately. */ public function httpHeaders() { - global $wgOut; + global $wgOut, $wgVaryOnXFPForAPI; # We take over from $wgOut, excepting its cache header info $wgOut->disable(); $mimetype = $this->contentType(); header( "Content-type: $mimetype; charset=UTF-8" ); + if ( $wgVaryOnXFPForAPI ) { + $wgOut->addVaryHeader( 'X-Forwarded-Proto' ); + } $wgOut->sendCacheControl(); } @@ -273,7 +276,7 @@ class ChannelFeed extends FeedItem { $this->httpHeaders(); echo '' . "\n"; echo '\n"; } } -- 2.20.1