Create Task
Maniphest T150768

StopMobileRedirectCookie is rejected on some domains
Closed, ResolvedPublic
Actions

Description

When MFStopRedirectCookieHost config variable is not set MobileContext will try to find the base domain by itself.
MobileContext::getBaseDomain() will pick up only last two domain parts. Browsers will reject this cookie when last parts are public suffix. for example:

  • wmflabs.org
  • co.uk
  • com.pl

There are 2 solutions :

  • find a better way to calculate base domain
  • use the default domain, which is set automatically by WebResponse::setCookie()

Details

SubjectRepoBranchLines +/-
Fix MobileContext::getBaseDomain() methodmediawiki/extensions/MobileFrontendmaster+204 -46
Customize query in gerrit

Related Objects

Event Timeline

pmiazga created this task.Nov 15 2016, 4:31 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 15 2016, 4:31 PM
phuedx updated the task description. (Show Details)Nov 15 2016, 6:08 PM
ovasileva triaged this task as High priority.Nov 16 2016, 5:48 PM
ovasileva moved this task from Incoming to 2016-17 Q2 on the Web-Team-Backlog board.
MBinder_WMF added a project: Unplanned-Sprint-Work.Nov 16 2016, 6:12 PM
gerritbot subscribed.Nov 18 2016, 1:29 AM

Change 321796 had a related patch set uploaded (by Pmiazga):
Fix MobileContenxt::getBaseDomain() method

https://gerrit.wikimedia.org/r/321796

gerritbot added a project: Patch-For-Review.Nov 18 2016, 1:29 AM
pmiazga moved this task from Needs Analysis to Code Review on the Reading-Web-Sprint-85-💩 board.Nov 18 2016, 1:44 AM
gerritbot added a comment.Nov 21 2016, 2:28 PM

Change 321796 merged by jenkins-bot:
Fix MobileContext::getBaseDomain() method

https://gerrit.wikimedia.org/r/321796

phuedx moved this task from Code Review to Ready for Signoff on the Reading-Web-Sprint-85-💩 board.Nov 21 2016, 5:04 PM
MBinder_WMF removed a project: Unplanned-Sprint-Work.Nov 21 2016, 5:12 PM
MBinder_WMF added a project: Technical-Debt.
phuedx closed this task as Resolved.Nov 21 2016, 5:16 PM
phuedx subscribed.

This will be tested and signed off as part of T148975.

phuedx claimed this task.Nov 21 2016, 5:16 PM
ReleaseTaggerBot added a project: MW-1.29-release (WMF-deploy-2016-11-29_(1.29.0-wmf.4)).Nov 27 2016, 11:01 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits