Add reverse_proxy option which hard-codes cgiurl in CGI output
[ikiwiki.git] / IkiWiki.pm
index f30a946bf5114b1217c49b7f67d7d94ae5000195..570c185ad3728cbe685e62364c06f3c2b54bf616 100644 (file)
@@ -14,7 +14,7 @@ use vars qw{%config %links %oldlinks %pagemtime %pagectime %pagecase
        %pagestate %wikistate %renderedfiles %oldrenderedfiles
        %pagesources %delpagesources %destsources %depends %depends_simple
        @mass_depends %hooks %forcerebuild %loaded_plugins %typedlinks
-       %oldtypedlinks %autofiles @underlayfiles $lastrev};
+       %oldtypedlinks %autofiles @underlayfiles $lastrev $phase};
 
 use Exporter q{import};
 our @EXPORT = qw(hook debug error htmlpage template template_depends
@@ -34,6 +34,11 @@ our $DEPEND_CONTENT=1;
 our $DEPEND_PRESENCE=2;
 our $DEPEND_LINKS=4;
 
+# Phases of processing.
+sub PHASE_SCAN () { 0 }
+sub PHASE_RENDER () { 1 }
+$phase = PHASE_SCAN;
+
 # Optimisation.
 use Memoize;
 memoize("abs2rel");
@@ -103,6 +108,14 @@ sub getsetup () {
                safe => 1,
                rebuild => 1,
        },
+       reverse_proxy => {
+               type => "boolean",
+               default => 0,
+               description => "do not adjust cgiurl if CGI is accessed via different URL",
+               advanced => 0,
+               safe => 1,
+               rebuild => 0, # only affects CGI requests
+       },
        cgi_wrapper => {
                type => "string",
                default => '',
@@ -152,7 +165,8 @@ sub getsetup () {
                type => "internal",
                default => [qw{mdwn link inline meta htmlscrubber passwordauth
                                openid signinedit lockedit conditional
-                               recentchanges parentlinks editpage}],
+                               recentchanges parentlinks editpage
+                               templatebody}],
                description => "plugins to enable by default",
                safe => 0,
                rebuild => 1,
@@ -607,12 +621,39 @@ sub checkconfig () {
 
                        $local_cgiurl = $cgiurl->path;
 
-                       if ($cgiurl->scheme ne $baseurl->scheme or
-                               $cgiurl->authority ne $baseurl->authority) {
+                       if ($cgiurl->scheme eq 'https' &&
+                               $baseurl->scheme eq 'http') {
+                               # We assume that the same content is available
+                               # over both http and https, because if it
+                               # wasn't, accessing the static content
+                               # from the CGI would be mixed-content,
+                               # which would be a security flaw.
+
+                               if ($cgiurl->authority ne $baseurl->authority) {
+                                       # use protocol-relative URL for
+                                       # static content
+                                       $local_url = "$config{url}/";
+                                       $local_url =~ s{^http://}{//};
+                               }
+                               # else use host-relative URL for static content
+
+                               # either way, CGI needs to be absolute
+                               $local_cgiurl = $config{cgiurl};
+                       }
+                       elsif ($cgiurl->scheme ne $baseurl->scheme) {
                                # too far apart, fall back to absolute URLs
                                $local_url = "$config{url}/";
                                $local_cgiurl = $config{cgiurl};
                        }
+                       elsif ($cgiurl->authority ne $baseurl->authority) {
+                               # slightly too far apart, fall back to
+                               # protocol-relative URLs
+                               $local_url = "$config{url}/";
+                               $local_url =~ s{^https?://}{//};
+                               $local_cgiurl = $config{cgiurl};
+                               $local_cgiurl =~ s{^https?://}{//};
+                       }
+                       # else keep host-relative URLs
                }
 
                $local_url =~ s{//$}{/};
@@ -2022,11 +2063,19 @@ sub template_depends ($$;@) {
        if (defined $page && defined $tpage) {
                add_depends($page, $tpage);
        }
-       
+
        my @opts=(
                filter => sub {
                        my $text_ref = shift;
                        ${$text_ref} = decode_utf8(${$text_ref});
+                       run_hooks(readtemplate => sub {
+                               ${$text_ref} = shift->(
+                                       id => $name,
+                                       page => $tpage,
+                                       content => ${$text_ref},
+                                       untrusted => $untrusted,
+                               );
+                       });
                },
                loop_context_vars => 1,
                die_on_bad_params => 0,
@@ -2638,6 +2687,9 @@ sub influences {
 # { bar => DEPEND_LINKS } is an influence on that result, because changing
 # bar's links could change the outcome; so its influences are not the same
 # as when testing whether link(foo) matches baz.
+#
+# Static influences are one of the things that make pagespec_match_list
+# more efficient than repeated calls to pagespec_match.
 
 sub influences_static {
        return ! $_[0][1]->{""};