Hello.. I have a RHEL7 server in an enterprise environment that enforces authenticated browser sessions from all clients visiting my MW 1.28.2 application. I have installed a parsoid server on same application server as well (localhost) and have installed the "VisualEditor" and "Auth_remoteuser" extensions as follows:
# ---------------------------------------------------------------------------------------
# --- Authentication --- START ----------------------------------------------------------
# ---------------------------------------------------------------------------------------
# --- trust that server security agent forced session header to have authorized user info
# --- and auto-login users based on session header attributes
# ---------------------------------------------------------------------------------------
$HTTP_MyCompanyUID = "";
$HTTP_MyCompanyEMAIL = "";
$HTTP_MyCompanyCN = "";
if(isset($_SERVER['HTTP_MyCompanyUID'])){$HTTP_MyCompanyUID=$_SERVER['HTTP_MyCompanyUID'];}
if(isset($_SERVER['HTTP_MyCompanyEMAIL'])){$HTTP_MyCompanyEMAIL=$_SERVER['HTTP_MyCompanyEMAIL'];}
if(isset($_SERVER['HTTP_MyCompanyCN'])){$HTTP_MyCompanyCN=$_SERVER['HTTP_MyCompanyCN'];}
wfLoadExtension('Auth_remoteuser');
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['autocreateaccount'] = true;
$wgAuthRemoteuserUserName = $HTTP_MyCompanyUID;
$wgAuthRemoteuserUserPrefsForced = [
'email' => $HTTP_MyCompanyEMAIL,
'realname' => $HTTP_MyCompanyCN
];
# ---------------------------------------------------------------------------------------
# --- Authentication --- STOP -----------------------------------------------------------
# ---------------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------
# --- Visual Editor --- START -----------------------------------------------------------
# ---------------------------------------------------------------------------------------
if ( $_SERVER['REMOTE_ADDR'] == 'myIPaddress' ) {
$wgGroupPermissions['*']['read'] = true;
$wgGroupPermissions['*']['edit'] = true;
}
wfLoadExtension( 'VisualEditor' );
$wgDefaultUserOptions['visualeditor-enable'] = 1;
$wgDefaultUserOptions['visualeditor-editor'] = "visualeditor";
$wgHiddenPrefs[] = 'visualeditor-enable';
#$wgDefaultUserOptions['visualeditor-enable-experimental'] = 1;
$wgVirtualRestConfig['modules']['parsoid'] = array(
'url' => 'http://localhost:8000',
'domain' => 'localhost',
'prefix' => 'localhost'
);
$wgVisualEditorAvailableNamespaces = [
NS_MAIN => true,
NS_USER => true,
"_merge_strategy" => "array_plus"
];
$wgSessionsInObjectCache = true;
$wgVirtualRestConfig['modules']['parsoid']['forwardCookies'] = true;
# ---------------------------------------------------------------------------------------
# --- Visual Editor --- STOP ------------------------------------------------------------
# ---------------------------------------------------------------------------------------
The "Auth_remote user" works well for both IE and Chrome
In IE - VisualEditor works fine and the edits are shown as made by the user...
In Chrome - VisualEditor works fine up until I try to save the changes, at which point it states that the session has become invalid and the user is no longer known. In my tinkering with it, I have set $wgEmailAuthentication = false; and $wgEmailConfirmToEdit = false; and when I do this I am able to save the edits in Chrome although the edits are logged as anonymous at the user's IP address.
Clearly the problem is that the session header is not being acknowledeg via Chrome where it is with IE.
So maybe this isn't a Parsoid/VisualEditor issue but I think this is still the place to seek help.
Does anyone know what could cause this browser based difference in the way session headers are handled by parsoid/VisualEditor?
thanks (in advance),
-Rich