Page MenuHomePhabricator

Standardise HttpStatus header handling
Closed, ResolvedPublic

Description

MediaWiki contains a dozen of variations on how to set the HTTP status code.

WebResponse->header( "HTTP/1.1 $code $message" );
WebResponse->header( "HTTP/1.1 302 " . HttpStatus::getMessage( 302 ) );

WebResponse->header( "HTTP/1.1 $code $message", true, $code );
WebResponse->header( "HTTP/1.1 403 $message", true, 403 );

header( "Status: $code $message", true, $code );
header( "Status: " . $this->mResponseCode, true, (int)$n );
header( "Status: {$this->httpCode} {$httpMessage}", true, $this->httpCode );

.. and many more.

Event Timeline

Krinkle created this task.Jun 1 2015, 1:55 PM
Krinkle claimed this task.
Krinkle raised the priority of this task from to Normal.
Krinkle updated the task description. (Show Details)
Krinkle added subscribers: Krinkle, tstarling, bd808.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 1 2015, 1:55 PM

Change 215031 had a related patch set uploaded (by Krinkle):
exception: Use standard message for HTTP status 500

https://gerrit.wikimedia.org/r/215031

Krinkle added a comment.EditedJun 1 2015, 3:25 PM

I've done a bit of research to see how these are handled.

Using curl -i 'http://localhost/tmp.php'

Test conditions:

  • PHP 5.6.9 (Zend)
  • Apache 2.4 (mod_php5)
  • OS X 10.10 Yosemite
  • MacBook Pro
1. <?php header('HTTP/1.1 403 Funny');
> HTTP/1.1 403 Funny

2. <?php header('HTTP/1.0 403 Funny');
> HTTP/1.0 403 Funny

3. <?php header('HTTP/1.3 403 Funny');
> HTTP/1.1 403 Funny

4. <?php header('HTTP/1.x 403 Funny');
> HTTP/1.1 403 Funny

5. <?php header('HTTP/1.0 403 Not Found', true, 404);
> HTTP/1.0 403 Not Found

6. <?php header('HTTP/1.1 403 Not Found', true, 404);
> HTTP/1.1 403 Not Found

Conclusion:

  • Invalid protocol version: Normalised to 1.1.
  • Different protocol version: Passed.
  • Custom message: Passed.

Test conditions:

  • PHP 5.3.10 (Zend)
  • Apache 2.2 (mod_php5)
  • Ubuntu 12.04 Precise
  • Wikimedia Labs instance
1. <?php header('HTTP/1.1 403 Funny');
> HTTP/1.1 403 Forbidden

2. <?php header('HTTP/1.0 403 Funny');
> HTTP/1.1 403 Forbidden

3. <?php header('HTTP/1.3 403 Funny');
> HTTP/1.1 403 Forbidden

4. <?php header('HTTP/1.x 403 Funny');
> HTTP/1.1 403 Forbidden

5. <?php header('HTTP/1.0 403 Not Found', true, 404);
> HTTP/1.1 403 Forbidden

6. <?php header('HTTP/1.1 403 Not Found', true, 404);
> HTTP/1.1 403 Forbidden

Conclusion:

  • Invalid protocol version: Normalised to 1.1.
  • Different protocol version: Ignored.
  • Custom message: Ignored.

Test conditions:

  • PHP/5.5.9-1ubuntu4.9 (Zend)
  • Apache 2.4 (mod_php5)
  • Ubuntu 14 Trusty
  • Wikimedia Labs instance
1. <?php header('HTTP/1.1 403 Funny');
> HTTP/1.1 403 Funny

2. <?php header('HTTP/1.0 403 Funny');
> HTTP/1.0 403 Funny

3. <?php header('HTTP/1.3 403 Funny');
> HTTP/1.1 403 Funny

4. <?php header('HTTP/1.x 403 Funny');
> HTTP/1.1 403 Funny

5. <?php header('HTTP/1.0 403 Not Found', true, 404);
> HTTP/1.0 403 Not Found

6. <?php header('HTTP/1.1 403 Not Found', true, 404);
> HTTP/1.1 403 Not Found

Conclusion:

  • Invalid protocol version: Normalised to 1.1.
  • Different protocol version: Passed.
  • Custom message: Passed.

Test conditions:

  • HHVM/3.6.1
  • Apache
  • Ubuntu 14.04 Trusty
  • mw1017.eqiad.wmnet
1. <?php header('HTTP/1.1 403 Funny');
> HTTP/1.1 403 Funny

2. <?php header('HTTP/1.0 403 Funny');
> HTTP/1.1 403 Funny

3. <?php header('HTTP/1.3 403 Funny');
> HTTP/1.1 403 Funny

4. <?php header('HTTP/1.x 403 Funny');
> HTTP/1.1 403 Funny

5. <?php header('HTTP/1.0 403 Not Found', true, 404);
> HTTP/1.1 403 Not Found

6. <?php header('HTTP/1.1 403 Not Found', true, 404);
> HTTP/1.1 403 Not Found

Conclusion:

  • Invalid protocol version: Normalised to 1.1.
  • Different protocol version: Ignored.
  • Custom message: Passed.
bd808 added a comment.Jun 1 2015, 3:47 PM

I'm not sure that this has anything to do with Librarization unless there is a 3rd party library that you want to pull in to help with standardizing this or a library is somehow going to be extracted from MW and published.

+1 for cleaning this up however and making some uniform and simple way to set the response code.

First, agreed with @bd808, and to add on to that, it would make a lot more sense to just use a third-party library for this functionality in the first place, but of course that would require more cleanup work rather than quick hack.

Anomie added a subscriber: Anomie.Jun 1 2015, 4:26 PM
  • PHP 5.6.9 (Zend)

[...]

  • PHP 5.3.10 (Zend)

Tests against HHVM to make sure they didn't do anything differently here?

Also, were these tests run with PHP-FPM or some other FastCGI server?

Change 215031 merged by jenkins-bot:
exception: Use standard message for HTTP status 500

https://gerrit.wikimedia.org/r/215031

Krinkle closed this task as Resolved.Jun 4 2015, 10:04 PM
  • PHP 5.6.9 (Zend)

[...]

  • PHP 5.3.10 (Zend)

Tests against HHVM to make sure they didn't do anything differently here?

Good point. I've updated the original comment with results from HHVM and PHP 5.5 (as used by Wikimedia). No unexpected behaviour.

bd808 moved this task from Untriaged to Done on the Librarization board.Jul 22 2015, 11:16 PM