Snippets/forceHTTPS cookie

From MediaWiki.org
Jump to navigation Jump to search
How to use Snippets
List of Snippets
Crystal Clear action run.png
forceHTTPS cookie
Language(s): JavaScript
Compatible with: MediaWiki 1.22+ 

Description[edit]

Add a link in the colophon of the page permitting to anonymous users (or even logged-in users by changing the first line) to opt-in for being redirected to HTTPS with a forceHTTPS cookie.

Code[edit]

/**
 * Gadget to let the users (possibly anonymous users) ask for a forceHTTPS cookie
 * 
 * This cookie is specified in <https://crypto.stanford.edu/forcehttps/>
 * and is recognised by MediaWiki to redirect the user to HTTPS. The user
 * (or admins if written in MediaWiki:Common.js) can specify the messages
 * of the link and some explanation just after the click.
 * 
 * @author Seb35
 * @licence WTFPL 2.0
 */
 
var forceHTTPSoptions = {
    gadget: true, // Activate this script (and let the users deactivate it)
    activate: 'Activate HTTPS', // 'Activer le HTTPS',     // Message of the enter link
    deactivate: 'Deactivate HTTPS', // 'Désactiver le HTTPS' // Message of the exit link
    messageIn: '<p>HTTPS will only be activated on this computer.</p><hr /><p>Do you know <a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a>? It activates HTTPS on a bunch of websites, including Wikipedia.</p><p>As a tip, user accounts always use HTTPS, if you want to registrate.</p>', // '<p>HTTPS ne sera activé que sur cet ordinateur.</p><hr /><p>Connaissez-vous <a href="https://fr.wikipedia.org/wiki/HTTPS_Everywhere">HTTPS Everywhere</a> ? Cela active le HTTPS sur de nombreux sites dont Wikipédia.</p><p>Pour information, les comptes utilisateur utilisent toujours le HTTPS, si vous souhaitez créer un compte.</p>', // Give the user a message before setting the cookie (false or string)
    messageOut: '<p>HTTPS will only be deactivated only on this computer.</p><p>Now you can also use the HTTP version (less secure than the HTTPS version).</p>', //'<p>HTTPS sera désactivé uniquement sur cet ordinateur.</p><p>Maintenant vous pouvez également utiliser la version HTTP (moins sécurisée que la version HTTPS).</p>', // Give the user a message before removing the cookie (false or string)
    widthIn: 400, // Hook to change the message window width, 0 to use the default
    widthOut: 400 // Hook to change the message window width, 0 to use the default
};
 
$( function() {
    
    var opts = forceHTTPSoptions;
    if( !opts.gadget || mw.config.get('wgUserName') !== null ) return; 
    
    // Add the link in the bottom of the pages
    $('#footer-places').append('<li><a id="forceHTTPSlink" style="cursor:pointer;">'+( !$.cookie(mw.config.get('wgCookiePrefix')+'forceHTTPS') ? opts.activate : opts.deactivate )+'</a></li>');
    $('#forceHTTPSlink').click( function() {
        
        // This function displays the dialog
        function dialog(on) {
            if( !opts['message'+on] ) return;
            $('body').append('<div id="forceHTTPSmessage">'+opts['message'+on]+'</div>' );
            var dialogOptions = {
                modal: true,
                buttons: {
                    Ok: function() { $( this ).dialog( 'destroy' ); $('#forceHTTPSmessage').remove(); }
                }};
            if( opts['width'+on] ) dialogOptions.width = opts['width'+on];
            $( "#forceHTTPSmessage" ).dialog( dialogOptions );
        }
        
        // This is the logic to create or destroy the forceHTTPS cookie
        // NB: the attribute "secure: false" is really important else the system don’t work
        if( $.cookie( mw.config.get('wgCookiePrefix')+'forceHTTPS' ) === null ) {
            dialog('In');
            $.cookie( mw.config.get('wgCookiePrefix')+'forceHTTPS', 'true', { path: '/', secure: false } );
            $( this ).text( opts.deactivate );
        }
        else {
            dialog('Out');
            $.cookie( mw.config.get('wgCookiePrefix')+'forceHTTPS', null, { path: '/', secure: false } );
            $( this ).text( opts.activate );
        }
    });
});

Note[edit]

There is no i18n since it was originally intended for single-language wikis (and to lighten it), but it can be added.