Last modified: 2014-09-02 23:56:57 UTC
There are use cases where the edit permission is allowed to '*' yet a cookie is necessary for editing certain pages (or, in my specific use case, certain unflagged revisions). Having $wgVisualEditorParsoidForwardCookies ignored in those cases cause obscure 500 errors on VE startup. It's not clear to me why that setting is only conditionally obeyed; if the wiki is configured so that any page really /can/ be edited, then just not setting that variable to true does the trick.
s/true/false/ obviously.
(In reply to Marc A. Pelletier from comment #0) > There are use cases where the edit permission is allowed to '*' yet a cookie > is necessary for editing certain pages This setting is only relevant if a cookie is required to *read* certain pages. Is that what is being restricted in your case? Because in that case, whatever extension is used to achieve this read restriction should probably do something that causes User::isEveryoneAllowed( 'read' ) to return false (there's a hook for that).
Yes, a combination of FR and a TitleReadWhitelist to only allow users to read flagged revisions unless they are the editor. I was not aware there's a hook to prevent isEveryoneAllowed, that seems to be a good way to fix this. That said, I'm still a little puzzled on the necessity to ignore an explicitly set configuration variable in the case where it appears unnecessary. *shrug*
... a TitleReadWhitelist [hook] ...
(In reply to Marc A. Pelletier from comment #3) > That said, I'm still a little puzzled on the necessity to ignore an > explicitly set configuration variable in the case where it appears > unnecessary. *shrug* Yeah, I'm not so sure that was a good decision in hindsight, but I also don't feel very comfortable changing the behavior in a way that will make it less secure for some people.
As designed, then.
