Log a feature usage message and add a warning to the response when an
API request is made over unencrypted HTTP and the wiki or user has asked
that HTTPS be used by default.
Bug: T105794
Change-Id: I339bfa96614c6318db303bb22a8f86bd0336ddbe
* @param array $params An array with the request parameters
*/
protected function setupExternalResponse( $module, $params ) {
* @param array $params An array with the request parameters
*/
protected function setupExternalResponse( $module, $params ) {
- if ( !$this->getRequest()->wasPosted() && $module->mustBePosted() ) {
+ $request = $this->getRequest();
+ if ( !$request->wasPosted() && $module->mustBePosted() ) {
// Module requires POST. GET request might still be allowed
// if $wgDebugApi is true, otherwise fail.
$this->dieUsageMsgOrDebug( array( 'mustbeposted', $this->mAction ) );
// Module requires POST. GET request might still be allowed
// if $wgDebugApi is true, otherwise fail.
$this->dieUsageMsgOrDebug( array( 'mustbeposted', $this->mAction ) );
// Create an appropriate printer
$this->mPrinter = $this->createPrinterByName( $params['format'] );
}
// Create an appropriate printer
$this->mPrinter = $this->createPrinterByName( $params['format'] );
}
+
+ if ( $request->getProtocol() === 'http' && (
+ $request->getSession()->shouldForceHTTPS() ||
+ ( $this->getUser()->isLoggedIn() &&
+ $this->getUser()->requiresHTTPS() )
+ ) ) {
+ $this->logFeatureUsage( 'https-expected' );
+ $this->setWarning( 'HTTP used when HTTPS was expected' );
+ }