From: Paul Wise <pabs@debian.org>
Date: Sat, 3 Aug 2019 02:23:04 +0000 (+0800)
Subject: Add basic support for influencing language selection via cookies.
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=eef0d1229a8d2627ffc8663eda9bd2d68a0ef09c;p=mirror%2Fdsa-puppet.git

Add basic support for influencing language selection via cookies.

The UI for language selection in browsers is rarely used or known about
by visitors so websites need to provide a way for visitors to influence
content negotiation using the website itself in addition to the browser.

Setting a cookie is the simplest option for us as the URLs don't change.

The GDPR does not apply and to satisfy the EU cookie law we can include
some explanatory text around the form that sets the cookie.

Visitors should not get their language cookie changed when other folks link
them to URLs for other languages and search engines should not set language
cookies at all. Using POST requests ensures each cookie is only set explictly.

Since Apache mod_rewrite cannot inspect POST data, we use URLs instead.

The default cookie lifetime is about one month (60*24*7*4 minutes).

<CAKTje6EzfE89jBqpLQu1_a3ybYkV7pPcquKzQb6Uz8uu=pGudA@mail.gmail.com>
<f849fde79a325422af9a9553f6672a96382ae262.camel@debian.org>
https://httpd.apache.org/docs/current/content-negotiation.html#exceptions
---

diff --git a/modules/roles/templates/apache-www.debian.org.erb b/modules/roles/templates/apache-www.debian.org.erb
index d221e0cc8..e673afdea 100644
--- a/modules/roles/templates/apache-www.debian.org.erb
+++ b/modules/roles/templates/apache-www.debian.org.erb
@@ -130,6 +130,22 @@
    # this behavior, and proxies will be allowed to cache the documents.
    CacheNegotiatedDocs On
 
+   # The UI for language selection in browsers is rarely used or known about
+   # by visitors so websites need to provide a way for visitors to influence
+   # content negotiation using the website itself in addition to the browser.
+   # Setting a cookie is the simplest option for us as the URLs don't change.
+   # The GDPR does not apply and to satisfy the EU cookie law we can include
+   # some explanatory text around the form that sets the cookie.
+   # The use of POST requests will ensure each cookie is only set explictly.
+   # Since Apache mod_rewrite cannot inspect POST data, we use URLs instead.
+   RewriteEngine on
+   RewriteCond %{REQUEST_METHOD} ^POST$
+   RewriteRule /intro/cn/setlang/([a-z]{2}(?:-[a-z]{2})?)/(.*) /$2 [last,redirect,cookie=lang:$1:www.debian.org:40320:/:secure:]
+   RewriteCond %{REQUEST_METHOD} ^POST$
+   RewriteRule /intro/cn/unsetlang/(.*) /$2 [last,redirect,cookie=lang:invalid:www.debian.org:-1:/:secure:]
+   SetEnvIf Cookie "lang=(.+)" prefer-language=$1
+   Header append Vary cookie
+
 # Custom Error
    ErrorDocument 404 /devel/website/errors/404
    RewriteCond %{DOCUMENT_ROOT}/devel/website/errors/404.$2.html -f
@@ -145,7 +161,6 @@
 #   Redirect /OpenHardware http://www.openhardware.org
    Redirect /OpenSource https://opensource.org
    Redirect /Bugs/db/ix/pseudopackages.html /Bugs/pseudo-packages
-   RewriteEngine on
    RewriteRule ^/Bugs/db/pa/l([^/]+).html$ https://bugs.debian.org/$1
    RewriteRule ^/Bugs/db/[[:digit:]][[:digit:]]/([[:digit:]][[:digit:]][[:digit:]]+).html$ https://bugs.debian.org/$1
    RewriteRule ^/Bugs/db/ma/l([^/]+).html$ https://bugs.debian.org/cgi-bin/pkgreport.cgi?maintenc=$1