Page MenuHomePhabricator
Create Task
Maniphest T100984

Standardise HttpStatus header handling
Closed, ResolvedPublic
Actions

Description

MediaWiki contains a dozen of variations on how to set the HTTP status code.

WebResponse->header( "HTTP/1.1 $code $message" );
WebResponse->header( "HTTP/1.1 302 " . HttpStatus::getMessage( 302 ) );

WebResponse->header( "HTTP/1.1 $code $message", true, $code );
WebResponse->header( "HTTP/1.1 403 $message", true, 403 );

header( "Status: $code $message", true, $code );
header( "Status: " . $this->mResponseCode, true, (int)$n );
header( "Status: {$this->httpCode} {$httpMessage}", true, $this->httpCode );

.. and many more.

Related Objects

Event Timeline

Krinkle created this task.Jun 1 2015, 1:55 PM
Krinkle claimed this task.
Krinkle raised the priority of this task from to Normal.
Krinkle updated the task description. (Show Details)
Krinkle added projects: MediaWiki-General, MW-1.26-release, Librarization.
Krinkle added subscribers: Krinkle, tstarling, bd808.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 1 2015, 1:55 PM
gerritbot added a subscriber: gerritbot.Jun 1 2015, 2:57 PM

Change 215031 had a related patch set uploaded (by Krinkle):
exception: Use standard message for HTTP status 500

https://gerrit.wikimedia.org/r/215031

Krinkle added a comment.EditedJun 1 2015, 3:25 PM

I've done a bit of research to see how these are handled.

Using curl -i 'http://localhost/tmp.php'

Test conditions:

  • PHP 5.6.9 (Zend)
  • Apache 2.4 (mod_php5)
  • OS X 10.10 Yosemite
  • MacBook Pro
1. <?php header('HTTP/1.1 403 Funny');
> HTTP/1.1 403 Funny

2. <?php header('HTTP/1.0 403 Funny');
> HTTP/1.0 403 Funny

3. <?php header('HTTP/1.3 403 Funny');
> HTTP/1.1 403 Funny

4. <?php header('HTTP/1.x 403 Funny');
> HTTP/1.1 403 Funny

5. <?php header('HTTP/1.0 403 Not Found', true, 404);
> HTTP/1.0 403 Not Found

6. <?php header('HTTP/1.1 403 Not Found', true, 404);
> HTTP/1.1 403 Not Found

Conclusion:

  • Invalid protocol version: Normalised to 1.1.
  • Different protocol version: Passed.
  • Custom message: Passed.

Test conditions:

  • PHP 5.3.10 (Zend)
  • Apache 2.2 (mod_php5)
  • Ubuntu 12.04 Precise
  • Wikimedia Labs instance
1. <?php header('HTTP/1.1 403 Funny');
> HTTP/1.1 403 Forbidden

2. <?php header('HTTP/1.0 403 Funny');
> HTTP/1.1 403 Forbidden

3. <?php header('HTTP/1.3 403 Funny');
> HTTP/1.1 403 Forbidden

4. <?php header('HTTP/1.x 403 Funny');
> HTTP/1.1 403 Forbidden

5. <?php header('HTTP/1.0 403 Not Found', true, 404);
> HTTP/1.1 403 Forbidden

6. <?php header('HTTP/1.1 403 Not Found', true, 404);
> HTTP/1.1 403 Forbidden

Conclusion:

  • Invalid protocol version: Normalised to 1.1.
  • Different protocol version: Ignored.
  • Custom message: Ignored.

Test conditions:

  • PHP/5.5.9-1ubuntu4.9 (Zend)
  • Apache 2.4 (mod_php5)
  • Ubuntu 14 Trusty
  • Wikimedia Labs instance
1. <?php header('HTTP/1.1 403 Funny');
> HTTP/1.1 403 Funny

2. <?php header('HTTP/1.0 403 Funny');
> HTTP/1.0 403 Funny

3. <?php header('HTTP/1.3 403 Funny');
> HTTP/1.1 403 Funny

4. <?php header('HTTP/1.x 403 Funny');
> HTTP/1.1 403 Funny

5. <?php header('HTTP/1.0 403 Not Found', true, 404);
> HTTP/1.0 403 Not Found

6. <?php header('HTTP/1.1 403 Not Found', true, 404);
> HTTP/1.1 403 Not Found

Conclusion:

  • Invalid protocol version: Normalised to 1.1.
  • Different protocol version: Passed.
  • Custom message: Passed.

Test conditions:

  • HHVM/3.6.1
  • Apache
  • Ubuntu 14.04 Trusty
  • mw1017.eqiad.wmnet
1. <?php header('HTTP/1.1 403 Funny');
> HTTP/1.1 403 Funny

2. <?php header('HTTP/1.0 403 Funny');
> HTTP/1.1 403 Funny

3. <?php header('HTTP/1.3 403 Funny');
> HTTP/1.1 403 Funny

4. <?php header('HTTP/1.x 403 Funny');
> HTTP/1.1 403 Funny

5. <?php header('HTTP/1.0 403 Not Found', true, 404);
> HTTP/1.1 403 Not Found

6. <?php header('HTTP/1.1 403 Not Found', true, 404);
> HTTP/1.1 403 Not Found

Conclusion:

  • Invalid protocol version: Normalised to 1.1.
  • Different protocol version: Ignored.
  • Custom message: Passed.
bd808 added a comment.Jun 1 2015, 3:47 PM

I'm not sure that this has anything to do with Librarization unless there is a 3rd party library that you want to pull in to help with standardizing this or a library is somehow going to be extracted from MW and published.

+1 for cleaning this up however and making some uniform and simple way to set the response code.

Parent5446 added a subscriber: Parent5446.Jun 1 2015, 4:22 PM

First, agreed with @bd808, and to add on to that, it would make a lot more sense to just use a third-party library for this functionality in the first place, but of course that would require more cleanup work rather than quick hack.

Anomie added a subscriber: Anomie.Jun 1 2015, 4:26 PM
In T100984#1326036, @Krinkle wrote:
  • PHP 5.6.9 (Zend)

[...]

  • PHP 5.3.10 (Zend)

Tests against HHVM to make sure they didn't do anything differently here?

Parent5446 added a comment.Jun 1 2015, 4:28 PM

Also, were these tests run with PHP-FPM or some other FastCGI server?

gerritbot added a comment.Jun 3 2015, 2:58 AM

Change 215031 merged by jenkins-bot:
exception: Use standard message for HTTP status 500

https://gerrit.wikimedia.org/r/215031

Krinkle closed this task as Resolved.Jun 4 2015, 10:04 PM
Krinkle added a comment.Jun 4 2015, 10:47 PM
In T100984#1326227, @Anomie wrote:
In T100984#1326036, @Krinkle wrote:
  • PHP 5.6.9 (Zend)

[...]

  • PHP 5.3.10 (Zend)

Tests against HHVM to make sure they didn't do anything differently here?

Good point. I've updated the original comment with results from HHVM and PHP 5.5 (as used by Wikimedia). No unexpected behaviour.

bd808 moved this task from Untriaged to Done on the Librarization board.Jul 22 2015, 11:16 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL