A read only mode so that the security team could potentially recommend a course of action for sites that cannot be updated at the very moment a security fix is released

Created on 29 March 2018, about 7 years ago
Updated 28 May 2025, 10 days ago

Problem/Motivation

Security issues occur. Security updates will be made available at specific times. Not every Drupal user has a 24/7 SLA in place. Sometimes people run sites for fun and go on holiday to remote Scottish islands and don't know if they will have internet. Drupal could provide an easy way to put a site into read only mode.

Prior art: https://www.drupal.org/project/readonlymode

Proposed resolution

There are a couple of options:

Option 1: Read only mode

Add a read only module or mode to core or just make it part of system. When enabled, the module will redirect all non-safe requests to a read only page whose message can be configured by an administrator and translated via Configuration translation. The module will also strip all user content apart from the URL path from the incoming request to prevent attacks where something is possible with query string parameters or cookies.

As noted by @fago, this approach currently has the downside of breaking pagers and basic search. We could allow the page or keys query parameter through after type checking them. However, allowing any input is bound to make this mode less secure.

This works via a new state variable that contains a timestamp when in operation. It is a timestamp so that users can schedule a future time when the site becomes read only.

How this differs from maintenance mode

  1. Anonymous users can still view any content they are supposed to. This is one of the purposes of the read only mode - to still provide a working site if a user is not submitting data to it.
  2. No one can log in until the mode has been disabled. The user that enables the mode is provided a special link with a token that can disable the mode.

Option 2: Add a site lock option to maintenance mode

Allow the user to further lock the site in maintenance mode and redirect to the maintenance page for all non-cached pages apart from a single page that unlocks the site if you have the right token. In a way this is what option 1 + maintenance mode would be like.

How this differs from maintenance mode

  1. No one can log in until the lock has been disabled. The user that enables the lock is provided a special link with a token that can disable the lock.

Remaining tasks

User interface changes

New admin form
Maybe new module

API changes

New service to generate tokens for disabling the read only mode

Data model changes

None

✨ Feature request
Status

Needs review

Version

11.0 🔥

Component

base system

Created by

🇬🇧 United Kingdom alexpott 🇪🇺

  • Security improvements

    It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.

  • Needs issue summary update

    Issue summaries save everyone time if they are kept up-to-date. See Update issue summary task instructions.
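The request handling that Option 1 of the issue summary describes (a scheduled timestamp, a redirect for non-safe methods, stripping everything but the path, and type-checked `page` and `keys`), sketched as an added example; it is not code from the issue or from Drupal core. The function name, the `/read-only` path, the `SESS` cookie name and the limits placed on `page` and `keys` are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration only; every name here is hypothetical, not a Drupal API.
// Safe methods as defined by HTTP semantics (RFC 9110).
const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS', 'TRACE'];

/**
 * Decide how to handle a request while read only mode may be active.
 *
 * @param int|null $readOnlyFrom Timestamp held in state; NULL means the mode is off.
 * @return array 'action' is pass, redirect or serve, plus the input that survives.
 */
function filter_read_only_request(string $method, string $path, array $query, array $cookies, ?int $readOnlyFrom, int $now): array {
  // A future timestamp means the mode is scheduled but not yet in force.
  if ($readOnlyFrom === NULL || $now < $readOnlyFrom) {
    return ['action' => 'pass', 'path' => $path, 'query' => $query, 'cookies' => $cookies];
  }
  // Non-safe requests never reach a controller; they go to the read only page.
  if (!in_array(strtoupper($method), SAFE_METHODS, TRUE)) {
    return ['action' => 'redirect', 'path' => '/read-only'];
  }
  $kept = [];
  // "page" is accepted only as a short run of digits (assumed limit: 6).
  if (isset($query['page']) && is_string($query['page']) && preg_match('/^\d{1,6}$/D', $query['page'])) {
    $kept['page'] = (int) $query['page'];
  }
  // "keys" must be one string: no arrays (keys[]=...), no control bytes,
  // and at most 128 bytes (assumed limit).
  if (isset($query['keys']) && is_string($query['keys']) && strlen($query['keys']) <= 128
      && !preg_match('/[\x00-\x1F\x7F]/', $query['keys'])) {
    $kept['keys'] = $query['keys'];
  }
  // Everything else, cookies included, is dropped before routing.
  return ['action' => 'serve', 'path' => $path, 'query' => $kept, 'cookies' => []];
}

// Constructed sample requests; the mode became active at timestamp 1000.
$samples = [
  ['GET', '/node/1', ['page' => '2', 'keys' => ['x'], 'destination' => '/admin'], ['SESS' => 'abc']],
  ['GET', '/search/node', ['keys' => 'drupal', 'page' => '1 OR 1=1'], []],
  ['POST', '/user/login', [], []],
];
foreach ($samples as [$m, $p, $q, $c]) {
  echo json_encode(filter_read_only_request($m, $p, $q, $c, 1000, 2000)), PHP_EOL;
}
```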


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇳🇿 New Zealand quietone

    The Ideas project is being deprecated. This issue is moved to the Drupal project. Check that the selected component is correct. Also, add the relevant tags, especially any 'needs manager review' tags.
