Snippets/forceHTTPS cookie
< Snippets
 | |
|---|---|
| Language(s): | JavaScript |
| Compatible with: | MediaWiki 1.22+ |
Description
[edit]Add a link in the colophon of the page permitting to anonymous users (or even logged-in users by changing the first line) to opt-in for being redirected to HTTPS with a forceHTTPS cookie.
Code
[edit]/**
* Gadget to let the users (possibly anonymous users) ask for a forceHTTPS cookie
*
* This cookie is specified in <https://crypto.stanford.edu/forcehttps/>
* and is recognised by MediaWiki to redirect the user to HTTPS. The user
* (or admins if written in MediaWiki:Common.js) can specify the messages
* of the link and some explanation just after the click.
*
* @author Seb35
* @licence WTFPL 2.0
*/
var forceHTTPSoptions = {
gadget: true, // Activate this script (and let the users deactivate it)
activate: 'Activate HTTPS', // 'Activer le HTTPS', // Message of the enter link
deactivate: 'Deactivate HTTPS', // 'Désactiver le HTTPS' // Message of the exit link
messageIn: '<p>HTTPS will only be activated on this computer.</p><hr /><p>Do you know <a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a>? It activates HTTPS on a bunch of websites, including Wikipedia.</p><p>As a tip, user accounts always use HTTPS, if you want to registrate.</p>', // '<p>HTTPS ne sera activé que sur cet ordinateur.</p><hr /><p>Connaissez-vous <a href="https://fr.wikipedia.org/wiki/HTTPS_Everywhere">HTTPS Everywhere</a> ? Cela active le HTTPS sur de nombreux sites dont Wikipédia.</p><p>Pour information, les comptes utilisateur utilisent toujours le HTTPS, si vous souhaitez créer un compte.</p>', // Give the user a message before setting the cookie (false or string)
messageOut: '<p>HTTPS will only be deactivated only on this computer.</p><p>Now you can also use the HTTP version (less secure than the HTTPS version).</p>', //'<p>HTTPS sera désactivé uniquement sur cet ordinateur.</p><p>Maintenant vous pouvez également utiliser la version HTTP (moins sécurisée que la version HTTPS).</p>', // Give the user a message before removing the cookie (false or string)
widthIn: 400, // Hook to change the message window width, 0 to use the default
widthOut: 400 // Hook to change the message window width, 0 to use the default
};
$( function() {
var opts = forceHTTPSoptions;
if( !opts.gadget || mw.config.get('wgUserName') !== null ) return;
// Add the link in the bottom of the pages
$('#footer-places').append('<li><a id="forceHTTPSlink" style="cursor:pointer;">'+( !$.cookie(mw.config.get('wgCookiePrefix')+'forceHTTPS') ? opts.activate : opts.deactivate )+'</a></li>');
$('#forceHTTPSlink').click( function() {
// This function displays the dialog
function dialog(on) {
if( !opts['message'+on] ) return;
$('body').append('<div id="forceHTTPSmessage">'+opts['message'+on]+'</div>' );
var dialogOptions = {
modal: true,
buttons: {
Ok: function() { $( this ).dialog( 'destroy' ); $('#forceHTTPSmessage').remove(); }
}};
if( opts['width'+on] ) dialogOptions.width = opts['width'+on];
$( "#forceHTTPSmessage" ).dialog( dialogOptions );
}
// This is the logic to create or destroy the forceHTTPS cookie
// NB: the attribute "secure: false" is really important else the system don’t work
if( $.cookie( mw.config.get('wgCookiePrefix')+'forceHTTPS' ) === null ) {
dialog('In');
$.cookie( mw.config.get('wgCookiePrefix')+'forceHTTPS', 'true', { path: '/', secure: false } );
$( this ).text( opts.deactivate );
}
else {
dialog('Out');
$.cookie( mw.config.get('wgCookiePrefix')+'forceHTTPS', null, { path: '/', secure: false } );
$( this ).text( opts.activate );
}
});
});
Note
[edit]There is no i18n since it was originally intended for single-language wikis (and to lighten it), but it can be added.