If you set a MediaWiki install with VisualEditor installed to be private, it will die on the spot.

What I mean is that if you set the wiki to require a logon to even view the content (a completely private wiki) and you have VisualEditor installed, then all pages will return a 500 Server Error.

The fix that we found that works most easily is the “Forwarding Cookies to Parsoid” solution here:

Linking with Parsoid in private wikis

which means in reality to just one line to LocalSettings.php. The comments are also helpful, to clarify the issues involved:

// Forward users' Cookie: headers to Parsoid. Required for private wikis (login required to read).
// If the wiki is not private (i.e. $wgGroupPermissions['*']['read'] is true) this configuration
// variable will be ignored.
//
// WARNING: ONLY enable this on private wikis and ONLY IF you understand the SECURITY IMPLICATIONS
// of sending Cookie headers to Parsoid over HTTP. For security reasons, it is strongly recommended
// that $wgVirtualRestConfig['modules']['parsoid']['url'] be pointed to localhost if this setting is enabled.
$wgVirtualRestConfig['modules']['parsoid']['forwardCookies'] = true;

If the security implications are acceptable, then this works perfectly. They write on that page referenced above this warning

ONLY enable this on private wikis served over HTTP and ONLY IF you understand the SECURITY IMPLICATIONS of sending Cookie headers to Parsoid over HTTP!

Leave a Reply

Your email address will not be published.