From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-2.8 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00, RP_MATCHES_RCVD,URIBL_BLOCKED shortcircuit=no autolearn=unavailable version=3.3.2 X-Original-To: meta@public-inbox.org Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 7915020455 for ; Mon, 22 Feb 2016 01:49:29 +0000 (UTC) From: Eric Wong To: meta@public-inbox.org Subject: [PATCH] extmsg: support "//" protocol-relative URLs Date: Mon, 22 Feb 2016 01:49:29 +0000 Message-Id: <20160222014929.19594-1-e@80x24.org> List-Id: Avoid unintentionally switching protocols if the external site we're linking to supports both HTTP and HTTPS. We do not want to force HTTPS everywhere because potential bugs and performance problems in the TLS stack may outweigh the privacy benefits. Leave up to site authors and users to decide whether they want HTTPS or plain old HTTP.
---
 lib/PublicInbox/ExtMsg.pm | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/lib/PublicInbox/ExtMsg.pm b/lib/PublicInbox/ExtMsg.pm
index 98da45c..d89a7e3 100644
--- a/lib/PublicInbox/ExtMsg.pm
+++ b/lib/PublicInbox/ExtMsg.pm
@@ -16,8 +16,9 @@ use PublicInbox::MID qw/mid2path/;
 our @EXT_URL = (
 'http://mid.gmane.org/%s',
 'https://lists.debian.org/msgid-search/%s',
- 'http://mid.mail-archive.com/%s',
- 'http://marc.info/?i=%s',
+ # leading "//" denotes protocol-relative (http:// or https://)
+ '//mid.mail-archive.com/%s',
+ '//marc.info/?i=%s',
 );
 sub ext_msg {
@@ -84,13 +85,21 @@ sub ext_msg {
 eval { require PublicInbox::Msgmap };
 my $have_mm = $@ ? 0 : 1;
+ my $cgi = $ctx->{cgi};
+ my $base_url;
+ my $scheme;
+ if (ref($cgi) eq 'CGI') {
+ $base_url = $cgi->url(-base) . '/';
+ $scheme = $cgi->protocol;
+ } else { # Plack::Request
+ $base_url = $cgi->base->as_string;
+ $scheme = $cgi->env->{'psgi.url_scheme'};
+ }
 if ($have_mm) {
 my $tmp_mid = $mid;
+ my $url;
 again:
- my $cgi = $ctx->{cgi};
- my $url = ref($cgi) eq 'CGI' ? $cgi->url(-base) . '/'
- : $cgi->base->as_string; # Plack::Request
- $url .= $listname;
+ $url = $base_url . $listname;
 unshift @pfx, { git_dir => $ctx->{git_dir}, url => $url };
 foreach my $pfx (@pfx) {
 my $git_dir = delete $pfx->{git_dir} or next;
@@ -137,6 +146,7 @@ again:
 $code = 300;
 $s .= "\nPerhaps try an external site:\n\n";
 foreach my $u (@EXT_URL) {
+ $u = "$scheme:$u" if $u =~ m!\A//!;
 my $r = sprintf($u, $href);
 my $t = sprintf($u, $html);
 $s .= qq{$t\n};
-- EW
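Review bot: In the Plack branch, `$scheme` comes from `$cgi->env->{'psgi.url_scheme'}`, which describes the connection that reached the PSGI server, not necessarily the one the visitor used. If the app is deployed behind a TLS-terminating reverse proxy (not visible from this hunk), that value would be `http`, so the `//` entries would expand to plain-HTTP links for visitors who arrived over HTTPS, which is the protocol switch the commit sets out to avoid. A comment on the assignment would make the dependency explicit, e.g. `# psgi.url_scheme reflects the backend hop; behind a TLS-terminating proxy it must be corrected before this point (e.g. Plack::Middleware::ReverseProxy)`. ext_msg starts before and continues after this hunk.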
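Review bot: The added `$u = "$scheme:$u" if $u =~ m!\A//!;` assigns through the `foreach` alias, so it rewrites the elements of the package-level `@EXT_URL` itself rather than a per-request copy. In a persistent process (the Plack::Request path in ext_msg suggests one), the first request to reach this loop fixes the scheme for all later requests, because the `\A//` test never matches again; an HTTPS visitor can then be handed `http:` links, or the reverse. Expand into a lexical instead, `my $fmt = $u =~ m!\A//! ? "$scheme:$u" : $u;`, and pass `$fmt` to the two `sprintf` calls. The loop body and ext_msg continue outside the hunk.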