On Fri, Jun 17, 2011 at 4:02 PM, Roan Kattouw <roan.kattouw(a)gmail.com>wrote;wrote:
On Sat, Jun 18, 2011 at 12:56 AM, Brion Vibber
<brion(a)pobox.com> wrote:
Great that we have a list! :D
Do make sure that all of those individual settings get tested before
touching the production cluster;
Well that's what the testwiki thing is for
:)
IIRC testwiki shares a lot of infrastructure and common configuration with
the rest of the sites, so unless it's been given an isolated set of config
files & interwiki database files, still be careful. :)
I'd be particularly worried about the
possibility of exposing '//domain/something' style URLs into output that
requires a fully-clickable link.
I don't quite get this -- the example below refers to API output, and
you're right we need to really output absolute URLs there (good
catch!), but I don't see any other scenario where outputting
protocol-relative URLs would be bad. Maybe RSS feeds, too, and non-UI
things in general, but really everything in the UI ought to be fair
game, right?
Almost everything in web UI should be pretty much fine yes -- I really mean
things where the URL ends up someplace *outside* a browser, directly or
indirectly, and then needs to be resolved and used without the browser's
context. Places you definitely want some full URLs include:
* api
* additional specialty APIs (say, movie embedding links)
* feeds (in at least some places)
* email
* export XML that contains URLs for files or pages
There may be other things that we just haven't thought of, which is why I
wanted to raise it.
But some like the interwikis may be assuming
fully-qualified URLs; for
instance on API results those should probably return fully-qualified URLs
but they're probably not running through wfExpandURL.
Good point, but I'm more worried about the reverse TBH: what if
there's some code that runs stuff through wfExpandUrl() even though it
could, and maybe even should, be protocol-relative?
Also worth checking for! I'm less worried about those though since the worst
case result is "status quo". :)
-- brion