From: Marko Obrovac <mobrovac@wikimedia.org>
Date: Mon, 22 Apr 2019 20:28:54 +0000 (-0700)
Subject: Allow the request ID to be passed in via the `X-Request-Id` header
X-Git-Tag: 1.34.0-rc.0~1689
X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/exercices/journal.php?a=commitdiff_plain;h=01c2e25f0a0d5ae142f325773ab623c074d99f59;p=lhc%2Fweb%2Fwiklou.git

Allow the request ID to be passed in via the `X-Request-Id` header

For tracing and logging purposes, we want to be able to see/generate the
list of all of the requests that happen in the environment for a given
external incoming request. To that end, allow Mediawiki to accept the
request ID provided by the incoming request as its own.

Since this may be problematic for set-ups that don't have an entity in
front of MW that sanitises the headers on the way in, introduce a new
global variable, `$wgAllowExternalReqID`, that can disable this
behaviour. By default, the feature is disabled.

Bug: T201409
Change-Id: I605471fb8b5bbc290baeecc7d80d9d715cb240c9
---

diff --git a/RELEASE-NOTES-1.34 b/RELEASE-NOTES-1.34
index c53bb6f39c..2531be2f01 100644
--- a/RELEASE-NOTES-1.34
+++ b/RELEASE-NOTES-1.34
@@ -27,7 +27,12 @@ For notes on 1.33.x and older releases, see HISTORY.
 === Configuration changes for system administrators in 1.34 ===
 
 ==== New configuration ====
-* â¦
+* $wgAllowExternalReqID (T201409) - This configuration setting controls whether
+  Mediawiki accepts the request ID set by the incoming request via the
+  `X-Request-Id` header. If set to `true`, that value will be used throughout
+  the code as the request identificator. Otherwise, the sent header will be
+  ignored and the request ID will either be taken from Apache's mod_unique
+  module or will be generated by Mediawiki itself (depending on the set-up).
 
 ==== Changed configuration ====
 * â¦
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 0f7a6068e9..28e9ec8f50 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -8430,6 +8430,13 @@ $wgLocalVirtualHosts = [];
  */
 $wgHTTPConnectTimeout = 5e0;
 
+/**
+ * Whether to respect/honour the request ID provided by the incoming request
+ * via the `X-Request-Id` header. Set to `true` if the entity sitting in front
+ * of Mediawiki sanitises external requests. Default: `false`.
+ */
+$wgAllowExternalReqID = false;
+
 /** @} */ # End HTTP client }
 
 /************************************************************************//**
diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index 7da092f5dc..76d94b2e19 100644
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -275,8 +275,18 @@ class WebRequest {
 	public static function getRequestId() {
 		// This method is called from various error handlers and should be kept simple.
 
-		if ( !self::$reqId ) {
-			self::$reqId = $_SERVER['UNIQUE_ID'] ?? wfRandomString( 24 );
+		if ( self::$reqId ) {
+			return self::$reqId;
+		}
+
+		global $wgAllowExternalReqID;
+
+		self::$reqId = $_SERVER['UNIQUE_ID'] ?? wfRandomString( 24 );
+		if ( $wgAllowExternalReqID ) {
+			$id = RequestContext::getMain()->getRequest()->getHeader( 'X-Request-Id' );
+			if ( $id ) {
+				self::$reqId = $id;
+			}
 		}
 
 		return self::$reqId;