From c4fc69ad2a46d8676573dfa3609a63c45748d8cb Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 20 Jun 2011 16:38:00 -0400 Subject: [PATCH 1/7] use async, domain-aware GoogleAnalytics JS --- .../GoogleAnalytics/GoogleAnalyticsPlugin.php | 50 ++++++++++++++----- 1 file changed, 38 insertions(+), 12 deletions(-) diff --git a/plugins/GoogleAnalytics/GoogleAnalyticsPlugin.php b/plugins/GoogleAnalytics/GoogleAnalyticsPlugin.php index bb937ec5b9..dff43eff95 100644 --- a/plugins/GoogleAnalytics/GoogleAnalyticsPlugin.php +++ b/plugins/GoogleAnalytics/GoogleAnalyticsPlugin.php @@ -49,31 +49,57 @@ if (!defined('STATUSNET')) { */ class GoogleAnalyticsPlugin extends Plugin { - var $code = null; + const VERSION = '0.2'; function __construct($code=null) { - $this->code = $code; + if (!empty($code)) { + global $config; + $config['googleanalytics']['code'] = $code; + } + parent::__construct(); } function onEndShowScripts($action) { - $js1 = 'var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");'. - 'document.write(unescape("%3Cscript src=\'" + gaJsHost + "google-analytics.com/ga.js\' type=\'text/javascript\'%3E%3C/script%3E"));'; - $js2 = sprintf('try{'. - 'var pageTracker = _gat._getTracker("%s");'. - 'pageTracker._trackPageview();'. - '} catch(err) {}', - $this->code); - $action->inlineScript($js1); - $action->inlineScript($js2); + $code = common_config('googleanalytics', 'code'); + $domain = common_config('googleanalytics', 'domain'); + + $js = <<inlineScript($js); } function onPluginVersion(&$versions) { $versions[] = array('name' => 'GoogleAnalytics', - 'version' => STATUSNET_VERSION, + 'version' => self::VERSION, 'author' => 'Evan Prodromou', 'homepage' => 'http://status.net/wiki/Plugin:GoogleAnalytics', 'rawdescription' => From aab265709abf6b8fc058306fee1e6b5c426c3c87 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 20 Jun 2011 17:06:17 -0400 Subject: [PATCH 2/7] use old-style plugin initializers as fallback for GoogleAnalytics --- plugins/GoogleAnalytics/GoogleAnalyticsPlugin.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/plugins/GoogleAnalytics/GoogleAnalyticsPlugin.php b/plugins/GoogleAnalytics/GoogleAnalyticsPlugin.php index dff43eff95..9912b71543 100644 --- a/plugins/GoogleAnalytics/GoogleAnalyticsPlugin.php +++ b/plugins/GoogleAnalytics/GoogleAnalyticsPlugin.php @@ -49,6 +49,9 @@ if (!defined('STATUSNET')) { */ class GoogleAnalyticsPlugin extends Plugin { + var $code; + var $domain; + const VERSION = '0.2'; function __construct($code=null) @@ -64,7 +67,13 @@ class GoogleAnalyticsPlugin extends Plugin function onEndShowScripts($action) { $code = common_config('googleanalytics', 'code'); + if (empty($code)) { + $code = $this->code; + } $domain = common_config('googleanalytics', 'domain'); + if (empty($domain)) { + $domain = $this->domain; + } $js = << Date: Tue, 21 Jun 2011 21:59:34 +0200 Subject: [PATCH 3/7] allow cross-origin requests for host-meta --- actions/hostmeta.php | 1 + 1 file changed, 1 insertion(+) diff --git a/actions/hostmeta.php b/actions/hostmeta.php index 7093a441d7..79ab2e0d9c 100644 --- a/actions/hostmeta.php +++ b/actions/hostmeta.php @@ -59,6 +59,7 @@ class HostMetaAction extends Action Event::handle('EndHostMetaLinks', array(&$xrd->links)); } + header('Access-Control-Allow-Origin: *'); header('Content-type: application/xrd+xml'); print $xrd->toXML(); } From 62977ad4f273c3cf0202eeb457a281681c89f3b8 Mon Sep 17 00:00:00 2001 From: flyingmana Date: Tue, 21 Jun 2011 23:43:53 +0200 Subject: [PATCH 4/7] allow cross-origin requests for xrd --- actions/userxrd.php | 1 + 1 file changed, 1 insertion(+) diff --git a/actions/userxrd.php b/actions/userxrd.php index 7691ff155b..4851b0731c 100644 --- a/actions/userxrd.php +++ b/actions/userxrd.php @@ -30,6 +30,7 @@ class UserxrdAction extends XrdAction function prepare($args) { parent::prepare($args); + header('Access-Control-Allow-Origin: *'); $this->uri = $this->trimmed('uri'); $this->uri = self::normalize($this->uri); From 3c47d158f4b012a74577eabae344b53ff88c7c6f Mon Sep 17 00:00:00 2001 From: flyingmana Date: Wed, 29 Jun 2011 22:39:33 +0200 Subject: [PATCH 5/7] make cors header deactivatable --- actions/hostmeta.php | 5 ++++- actions/userxrd.php | 5 ++++- config.php.sample | 2 ++ lib/default.php | 1 + 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/actions/hostmeta.php b/actions/hostmeta.php index 79ab2e0d9c..98c8a33ac9 100644 --- a/actions/hostmeta.php +++ b/actions/hostmeta.php @@ -59,7 +59,10 @@ class HostMetaAction extends Action Event::handle('EndHostMetaLinks', array(&$xrd->links)); } - header('Access-Control-Allow-Origin: *'); + global $config; + if($config['site']['cors'] === true){ + header('Access-Control-Allow-Origin: *'); + } header('Content-type: application/xrd+xml'); print $xrd->toXML(); } diff --git a/actions/userxrd.php b/actions/userxrd.php index 4851b0731c..e119d69436 100644 --- a/actions/userxrd.php +++ b/actions/userxrd.php @@ -30,7 +30,10 @@ class UserxrdAction extends XrdAction function prepare($args) { parent::prepare($args); - header('Access-Control-Allow-Origin: *'); + global $config; + if($config['site']['cors'] === true){ + header('Access-Control-Allow-Origin: *'); + } $this->uri = $this->trimmed('uri'); $this->uri = self::normalize($this->uri); diff --git a/config.php.sample b/config.php.sample index 5481ca539e..8389c33318 100644 --- a/config.php.sample +++ b/config.php.sample @@ -40,6 +40,8 @@ $config['site']['path'] = 'statusnet'; // $config['site']['inviteonly'] = true; // Make the site invisible to non-logged-in users // $config['site']['private'] = true; +// Allow Cross-Origin Resource Sharing +// $config['site']['cors'] = true; // If your web server supports X-Sendfile (Apache with mod_xsendfile, // lighttpd, nginx), you can enable X-Sendfile support for better diff --git a/lib/default.php b/lib/default.php index c1dfcbc87d..847610aea9 100644 --- a/lib/default.php +++ b/lib/default.php @@ -61,6 +61,7 @@ $default = 'textlimit' => 140, 'indent' => true, 'use_x_sendfile' => false, + 'cors' => true, 'notice' => null, // site wide notice text 'build' => 1, // build number, for code-dependent cache ), From 969a558339d63c67b18f1d28893992299af38a62 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Thu, 7 Jul 2011 17:19:59 -0700 Subject: [PATCH 6/7] Change a few things around for CORS header output --- actions/hostmeta.php | 7 +++++-- actions/userxrd.php | 3 --- config.php.sample | 8 ++++++-- lib/default.php | 3 ++- lib/xrdaction.php | 5 +++++ 5 files changed, 18 insertions(+), 8 deletions(-) diff --git a/actions/hostmeta.php b/actions/hostmeta.php index 4c9e9b8ae5..fdebcf13af 100644 --- a/actions/hostmeta.php +++ b/actions/hostmeta.php @@ -44,6 +44,7 @@ class HostMetaAction extends Action function handle() { parent::handle(); + common_debug("GARGARGAR"); $domain = common_config('site', 'server'); @@ -59,11 +60,13 @@ class HostMetaAction extends Action Event::handle('EndHostMetaLinks', array(&$xrd->links)); } - global $config; - if($config['site']['cors'] === true){ + // Output Cross-Origin Resource Sharing (CORS) header + if (common_config('discovery', 'cors')) { header('Access-Control-Allow-Origin: *'); } + header('Content-type: application/xrd+xml'); + print $xrd->toXML(); } } diff --git a/actions/userxrd.php b/actions/userxrd.php index 4ba7f91c7e..6fa738a5c9 100644 --- a/actions/userxrd.php +++ b/actions/userxrd.php @@ -31,9 +31,6 @@ class UserxrdAction extends XrdAction { parent::prepare($args); global $config; - if($config['site']['cors'] === true){ - header('Access-Control-Allow-Origin: *'); - } $this->uri = $this->trimmed('uri'); $this->uri = self::normalize($this->uri); diff --git a/config.php.sample b/config.php.sample index 8ddac67417..87a1977b5f 100644 --- a/config.php.sample +++ b/config.php.sample @@ -40,8 +40,12 @@ $config['site']['path'] = 'statusnet'; // $config['site']['inviteonly'] = true; // Make the site invisible to non-logged-in users // $config['site']['private'] = true; -// Allow Cross-Origin Resource Sharing -// $config['site']['cors'] = true; + +// Allow Cross-Origin Resource Sharing (CORS) for service discovery +// (host-meta, XRD, etc.) Useful for AJAXy client applications. Should +// probably NOT be on for private / intranet sites but OK for public sites. +// Default is off. +// $config['discovery']['cors'] = true; // If your web server supports X-Sendfile (Apache with mod_xsendfile, // lighttpd, nginx), you can enable X-Sendfile support for better diff --git a/lib/default.php b/lib/default.php index 51d62ed767..a1f1ed6d8f 100644 --- a/lib/default.php +++ b/lib/default.php @@ -61,7 +61,6 @@ $default = 'textlimit' => 140, 'indent' => true, 'use_x_sendfile' => false, - 'cors' => true, 'notice' => null, // site wide notice text 'build' => 1, // build number, for code-dependent cache 'minify' => true, // true to use the minified versions of JS files; false to use orig files. Can aid during development @@ -350,4 +349,6 @@ $default = ), 'router' => array('cache' => true), // whether to cache the router object. Defaults to true, turn off for devel + 'discovery' => + array('cors' => false) // Allow Cross-Origin Resource Sharing for service discovery (host-meta, XRD, etc.) ); diff --git a/lib/xrdaction.php b/lib/xrdaction.php index a0e7a1c415..3d55204f41 100644 --- a/lib/xrdaction.php +++ b/lib/xrdaction.php @@ -117,7 +117,12 @@ class XrdAction extends Action Event::handle('EndXrdActionLinks', array(&$xrd, $this->user)); } + if (common_config('discovery', 'cors')) { + header('Access-Control-Allow-Origin: *'); + } + header('Content-type: application/xrd+xml'); + print $xrd->toXML(); } From cd05fc6aee7b25a5bd0d3f589edf3d99fb904e3e Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Thu, 7 Jul 2011 17:23:41 -0700 Subject: [PATCH 7/7] Remove debugging statement --- actions/hostmeta.php | 1 - 1 file changed, 1 deletion(-) diff --git a/actions/hostmeta.php b/actions/hostmeta.php index fdebcf13af..5caf1960cb 100644 --- a/actions/hostmeta.php +++ b/actions/hostmeta.php @@ -44,7 +44,6 @@ class HostMetaAction extends Action function handle() { parent::handle(); - common_debug("GARGARGAR"); $domain = common_config('site', 'server');