No variables used in the script so lower bootstrap level is needed

Related #2023495: Make bootstrap three steps

CommentFileSizeAuthor
#5 stats-boot.patch1.32 KBandypost
#3 stats-boot.patch1.34 KBandypost
stats-boot.patch1.49 KBandypost

Comments

mtift’s picture

mtift
he/him
Primary language English
Location Minnesota, USA
commented
Issue tags: -Configuration system

Not part of CMI

moshe weitzman’s picture

moshe weitzman commented
Issue summary: View changes
Status: Needs review » Needs work

DRUPAL_BOOTSTRAP_DATABASE is gone. Maybe try one earlier?

andypost’s picture

andypost
he/him
Primary language Russian
commented
Title: statistics.php needs just DRUPAL_BOOTSTRAP_DATABASE level » statistics.php needs a lower bootstrap level
Status: Needs work » Needs review
StatusFileSize
new stats-boot.patch1.34 KB

Let's see, at least cache and database are needed

sun’s picture

sun
Primary language German
Location Karlsruhe
commented

I'd go with DRUPAL_BOOTSTRAP_PAGE_CACHE for now, which is directly before _VARIABLES, so you don't have to manually include cache.inc and database.inc.

andypost’s picture

andypost
he/him
Primary language Russian
commented
StatusFileSize
new stats-boot.patch1.32 KB

I see no any reason to disturb page cache at all, this works on kernel

andypost’s picture

andypost
he/him
Primary language Russian
commented

The only question is - do we able to override this request by kernel only.

moshe weitzman’s picture

moshe weitzman commented

Nice patch.

Your question doesn't quite parse for me. Care to rephrase it?

sun’s picture

sun
Primary language German
Location Karlsruhe
commented
Status: Needs review » Reviewed & tested by the community

KERNEL works, too.

andypost’s picture

andypost
he/him
Primary language Russian
commented

The question was about ability to override this dumb implementation in contrib to be more performant.
Because better to check that node exists and find some way to protect 'statistics.php'

moshe weitzman’s picture

moshe weitzman commented

Ah right. Yes, I expect that some js_alter would let you change the ajax callback to a different route.

Protecting statistics.php might be best done outside of PHP like in .htaccess or similar. But really someone can hit your node page 100 times in a row so it would be natural that statistics.php gets hit 100 times as well. If you don't protect the node page, why would you protect the statistics.php page? DOS protection is best done with Cloudflare, Akamai, etc.

catch’s picture

catch
he/him
Primary language English
commented
Status: Reviewed & tested by the community » Fixed

Committed/pushed to 8.x, thanks!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.