
D21123.id50305.diff
No OneTemporary

D21123.id50305.diff

diff --git a/src/applications/config/option/PhabricatorNotificationConfigOptions.php b/src/applications/config/option/PhabricatorNotificationConfigOptions.php
--- a/src/applications/config/option/PhabricatorNotificationConfigOptions.php
+++ b/src/applications/config/option/PhabricatorNotificationConfigOptions.php
@@ -52,6 +52,7 @@
return array(
$this->newOption('notification.servers', $servers_type, array())
+ ->setHidden(true)
->setSummary(pht('Configure real-time notifications.'))
->setDescription($servers_help)
->addExample(
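Review bot: The added `->setHidden(true)` on `notification.servers` has no comment saying why the option is hidden, and the reason is security-relevant. The URIs in this option are requested server-side by `PhabricatorNotificationServerRef`, so whoever can edit them decides where the server sends requests. If hiding is also meant to stop edits from the web UI, which the accompanying `configuration_locked.diviner` change suggests, say so next to the call, for example `// Hidden: these URIs are fetched server-side, so they should only be set from the CLI.` The `return array(` statement continues past the end of this hunk, so the remaining option chain is not visible here.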
diff --git a/src/applications/notification/client/PhabricatorNotificationServerRef.php b/src/applications/notification/client/PhabricatorNotificationServerRef.php
--- a/src/applications/notification/client/PhabricatorNotificationServerRef.php
+++ b/src/applications/notification/client/PhabricatorNotificationServerRef.php
@@ -209,8 +209,7 @@
$server_uri = $this->getURI('/status/');
- list($body) = id(new HTTPSFuture($server_uri))
- ->setTimeout(2)
+ list($body) = $this->newFuture($server_uri)
->resolvex();
return phutil_json_decode($body);
@@ -225,10 +224,32 @@
$server_uri = $this->getURI('/');
$payload = phutil_json_encode($data);
- id(new HTTPSFuture($server_uri, $payload))
+ $this->newFuture($server_uri, $payload)
->setMethod('POST')
- ->setTimeout(2)
->resolvex();
}
+ private function newFuture($uri, $data = null) {
+ if ($data === null) {
+ $future = new HTTPSFuture($uri);
+ } else {
+ $future = new HTTPSFuture($uri, $data);
+ }
+
+ $future->setTimeout(2);
+
+ // At one point, a HackerOne researcher reported a "Location:" redirect
+ // attack here (if the attacker can gain control of the notification
+ // server or the configuration).
+
+ // Although this attack is not particularly concerning, we don't expect
+ // Aphlict to ever issue a "Location:" header, so receiving one indicates
+ // something is wrong and declining to follow the header may make debugging
+ // easier.
+
+ $future->setFollowLocation(false);
+
+ return $future;
+ }
+
}
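Review bot: The comment above `setFollowLocation(false)` in `newFuture()` gives the history of the report but does not state the invariant a later maintainer must keep, namely that requests to the notification server must never be redirected to another host. Lead with that, for example `// Never follow redirects: the request must only reach the configured notification server.`, and keep the HackerOne background as a second sentence. A short docblock on `newFuture()` should note that every request to Aphlict is expected to go through it, so the 2-second timeout and the redirect policy stay in one place. With following disabled, a 3xx response presumably now surfaces from `resolvex()` in both callers, including the `/status/` call in the previous hunk that passes the body to `phutil_json_decode()`. It is worth confirming that this produces a clear error on the status page rather than a JSON parse failure.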
diff --git a/src/docs/user/configuration/configuration_locked.diviner b/src/docs/user/configuration/configuration_locked.diviner
--- a/src/docs/user/configuration/configuration_locked.diviner
+++ b/src/docs/user/configuration/configuration_locked.diviner
@@ -146,6 +146,12 @@
you should move these configuration values from the database to a local config
file. Usually, you'll do this by first copying the value from the database:
+```
+phabricator/ $ ./bin/config get <key>
+```
+
+...into local configuration:
+
```
phabricator/ $ ./bin/config set <key> <value>
```
diff --git a/src/docs/user/configuration/notifications.diviner b/src/docs/user/configuration/notifications.diviner
--- a/src/docs/user/configuration/notifications.diviner
+++ b/src/docs/user/configuration/notifications.diviner
@@ -156,7 +156,8 @@
=======================
After configuring `notification.servers`, navigate to
-{nav Config > Notification Servers} to verify that things are operational.
+{nav Config > Services > Notification Servers} to verify that things are
+operational.
Troubleshooting

File Metadata

Mime Type
text/plain
Expires
Fri, Mar 14, 8:27 AM (1 w, 5 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7377536
Default Alt Text
D21123.id50305.diff (3 KB)
