Page MenuHomePhabricator
Create Task
Maniphest T279120

Make index.php?action=raw CDN cacheable for both logged-in and logged-out for import script use case
Open, MediumPublic
Actions

Assigned To
None
Authored By
Krinkle
Apr 1 2021, 11:55 PM
Tags
Referenced Files
None
Subscribers
Aklapper
ArielGlenn
bd808
DannyS712
Jdforrester-WMF
Krinkle
Legoktm
Zabe

Description

When scripts load cross-domain from load.php (e.g. enwiki loading a gadget from mediawiki.org and a GlobalCssJs script from Meta-Wiki), everything works great. It is well-cached. It's secure (only public stuff is served). And it emits the proper headers to allow browsers to report errors with full details, because the CORS headers we emit from load.php basically tell browsers that we ignored any cookies the user might have and that they do not affect the source code, and thus it is okay to tell en.wikipedia.org (or third party domains) about any strings or other content within the scripts we serve.

But, for index.php?action=raw this is not the case.

When loading it plainly as a <script src=…> across domains, it is allowed to run but is treated as authenticated cross-domain content, similar to how hotlinked images are treated by default. They are allowed to download and run, but no details about the network transfer or the script content are meant to leak.

Also, when logged-in, the scripts are never cached as precaution since on private wikis these could contain non-public details.

Objective

In the common case of any user (logged-in or not) on public wiki A importing a known publicly-visible revision from public wiki B, as a script, the browser should emit Access-Control-Allow-Origin: * so that stack traces are not redacted by the browser.

It'd be nice if we can also make it so that these can be cached for logged-in users, but that's a stretch goal and probably not feasible without VCL changes in the WMF traffic edge, which probably isn't worth it. We do still allow the browser to cache them locally and use If-Not-Modified/304 checks to reduce transfers.

See also:

Details

SubjectRepoBranchLines +/-
RawAction: Use CDN maxage, remove wgForcedRawSMaxage, ignore maxage/smaxagemediawiki/coremaster+43 -35
RawAction: Handle 40x errors earlier in the codemediawiki/coremaster+52 -53
RawAction: Ignore 'gen' query parameter for Content-Typemediawiki/coremaster+0 -10
RawAction: Simplify and stricten the $privateCache checkmediawiki/coremaster+27 -7
Customize query in gerrit

Related Objects

Event Timeline

Krinkle created this task.Apr 1 2021, 11:55 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 1 2021, 11:55 PM
Krinkle added a comment.Apr 2 2021, 12:13 AM

Anecdotally it seems we briefly considered removing this endpoint in 2011 (r89398, reverted in r89399). Given its necessity for importing user scripts (at least until Gadgets 3.0), this probably still not viable. However, we could consider stripping it down significantly.

For example, we could remove:

  • support for maxage and smaxage parameters. (We already cache by default, and limit the amount of caching, and purge canonical importScript-made URLs. There is no need for anyone to shorten their own cache, or to ask to increase it which we automatically ignore).
  • support for content besides js or css. (Use API for general wikitext/source retrieval.)
  • support for non-public revisions. (Use API for general wikitext/source retrieval.)
  • support for oldid parameter. (Use API for general wikitext/source retrieval.)
DannyS712 subscribed.Apr 2 2021, 12:38 AM
gerritbot added a comment.Apr 2 2021, 6:42 PM

Change 676646 had a related patch set uploaded (by Krinkle; author: Krinkle):

[mediawiki/core@master] RawAction: Simplify and stricten the $privateCache check

https://gerrit.wikimedia.org/r/676646

gerritbot added a project: Patch-For-Review.Apr 2 2021, 6:42 PM

Change 676647 had a related patch set uploaded (by Krinkle; author: Krinkle):

[mediawiki/core@master] RawAction: Ignore 'gen' query parameter for Content-Type

https://gerrit.wikimedia.org/r/676647

gerritbot added a comment.Apr 2 2021, 6:42 PM

Change 676648 had a related patch set uploaded (by Krinkle; author: Krinkle):

[mediawiki/core@master] RawAction: Handle 40x errors earlier in the code

https://gerrit.wikimedia.org/r/676648

gerritbot added a comment.Apr 2 2021, 6:42 PM

Change 676649 had a related patch set uploaded (by Krinkle; author: Krinkle):

[mediawiki/core@master] RawAction: Use CDN maxage, remove wgForcedRawSMaxage, ignore maxage/smaxage

https://gerrit.wikimedia.org/r/676649

Krinkle added subscribers: ArielGlenn, Legoktm.Apr 2 2021, 6:43 PM
ArielGlenn added a project: User-ArielGlenn.Apr 2 2021, 6:47 PM
Krinkle added a comment.Apr 2 2021, 7:33 PM

Random note:

… at WMF, about 30% of action=raw is spent computing EchoSeenTime, because of RawAction re-using OutputPage::checkLastModified, which Echo hooks into to decide whether to miss the browser cache to show you an Echo bell - except those don't appear on things like action=raw or action=render.

Krinkle mentioned this in T178060: RawAction should set proper Content-Type header.Apr 2 2021, 10:36 PM
Krinkle mentioned this in T279213: RawAction action=raw spends significant time in EchoSeenTime (via EchoHooks::onOutputPageCheckLastModified).
sbassett moved this task from Incoming to Watching on the Security-Team board.Apr 5 2021, 3:33 PM
sbassett added a project: SecTeam-Processed.
Krinkle moved this task from Inbox, needs triage to Radar on the Performance-Team board.Apr 5 2021, 7:24 PM
Krinkle edited projects, added Performance-Team (Radar); removed Performance-Team.
Legoktm added a comment.Apr 6 2021, 6:17 AM

It would be good to have usage statistics and go through the API deprecation process for any breaking changes because action=raw effectively is an API. There are some legacy bots (including a few run by yours truly :() that still use it because at the time they were written, it was the most straightforward way to get wikitext.

Krinkle added a comment.Apr 6 2021, 3:35 PM

@Legoktm Sounds good yeah, let's do that. To confirm - this bot uses it to obtain the latest public plain unparsed wikitext, not e.g. for private wikis, deleted revisions, or with preprocessed template expansion? (Those are the features I'd like to deprecate, but not sure it is actually needed for this task specifically.)

Krinkle moved this task from Limbo to Perf recommendation on the Performance-Team (Radar) board.Apr 20 2021, 8:04 PM
Krinkle mentioned this in T285210: High frequency warning logged in production: Cookies set on {url} with Cache-Control "{cache-control}".Jun 21 2021, 6:23 PM
bd808 subscribed.Nov 4 2021, 3:59 PM
Krinkle edited projects, added Performance-Team; removed Performance-Team (Radar).Feb 5 2022, 4:45 AM
Krinkle moved this task from Inbox, needs triage to To-do: Goals, prioritized next 4 Quarters on the Performance-Team board.
sbassett removed a project: Security-Team.Feb 16 2022, 6:30 PM
Krinkle mentioned this in T304362: Pageview definition relies on X-Analytics to determine special pages.Apr 16 2022, 12:25 AM
Krinkle updated the task description. (Show Details)Aug 6 2022, 12:36 AM
Krinkle moved this task from To-do: Goals, prioritized next 4 Quarters to Backlog: Maintenance, non-prioritized on the Performance-Team board.Oct 4 2022, 8:36 PM
Krinkle renamed this task from Misc changes to index.php?action=raw for perf and error logging to Make index.php?action=raw CDN cacheable for both logged-in and logged-out for import script use case.Oct 4 2022, 8:39 PM
Krinkle triaged this task as Medium priority.
Zabe subscribed.Oct 4 2022, 8:41 PM
Aklapper edited projects, added Instrument-ClientError; removed DoNotUse---Instrument-ClientError.Nov 24 2022, 1:55 PM
Krinkle mentioned this in T324910: Slot-aware action 'raw'.Dec 20 2022, 5:44 PM
Jdforrester-WMF subscribed.Jul 18 2023, 12:15 PM
Krinkle mentioned this in T71460: action=raw should allow public HTTP caching where possible.Jul 20 2023, 3:03 AM
Krinkle mentioned this in T344638: Abilty to load compacted versions of javascript and css pages.Sep 20 2023, 10:56 PM
Krinkle edited projects, added Wikimedia-Performance-recommendation; removed Instrument-ClientError, Performance-Team.Mar 26 2024, 2:04 AM
Krinkle mentioned this in T358834: Way to load minified versions of user scripts.Apr 22 2024, 6:07 PM
Krinkle added a project: Wikimedia-Hackathon-2024.Apr 22 2024, 6:11 PM
Krinkle moved this task from Backlog to Hacking projects on the Wikimedia-Hackathon-2024 board.
larissagaulia added a project: MediaWiki-core-Hackathon-2024.Apr 23 2024, 4:51 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits
  NODES
Note 2
Project 12
USERS 1