Standardise HttpStatus header handling
Closed, ResolvedPublic
Actions

Description

MediaWiki contains a dozen of variations on how to set the HTTP status code.

WebResponse->header( "HTTP/1.1 $code $message" );
WebResponse->header( "HTTP/1.1 302 " . HttpStatus::getMessage( 302 ) );

WebResponse->header( "HTTP/1.1 $code $message", true, $code );
WebResponse->header( "HTTP/1.1 403 $message", true, 403 );

header( "Status: $code $message", true, $code );
header( "Status: " . $this->mResponseCode, true, (int)$n );
header( "Status: {$this->httpCode} {$httpMessage}", true, $this->httpCode );

.. and many more.

Details

	Project	Branch	Lines +/-	Subject
	mediawiki/core	master	+2 -2	exception: Use standard message for HTTP status 500

Customize query in gerrit

Related Objects

Mentioned In: rMWd01b5bc95cfd: exception: Use standard message for HTTP status 500

Event Timeline

Krinkle created this task.Jun 1 2015, 1:55 PM

Krinkle claimed this task.

Krinkle raised the priority of this task from to Medium.

Krinkle updated the task description. (Show Details)

Krinkle added projects: MediaWiki-General, MW-1.26-release, Librarization.

Krinkle added subscribers: Krinkle, tstarling, bd808.

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 1 2015, 1:55 PM

Change 215031 had a related patch set uploaded (by Krinkle):
exception: Use standard message for HTTP status 500

https://gerrit.wikimedia.org/r/215031

gerritbot added a project: Patch-For-Review.Jun 1 2015, 2:57 PM

I've done a bit of research to see how these are handled.

Using curl -i 'http://localhost/tmp.php'

Test conditions:

PHP 5.6.9 (Zend)
Apache 2.4 (mod_php5)
OS X 10.10 Yosemite
MacBook Pro

1. <?php header('HTTP/1.1 403 Funny');
> HTTP/1.1 403 Funny

2. <?php header('HTTP/1.0 403 Funny');
> HTTP/1.0 403 Funny

3. <?php header('HTTP/1.3 403 Funny');
> HTTP/1.1 403 Funny

4. <?php header('HTTP/1.x 403 Funny');
> HTTP/1.1 403 Funny

5. <?php header('HTTP/1.0 403 Not Found', true, 404);
> HTTP/1.0 403 Not Found

6. <?php header('HTTP/1.1 403 Not Found', true, 404);
> HTTP/1.1 403 Not Found

Conclusion:

Invalid protocol version: Normalised to 1.1.
Different protocol version: Passed.
Custom message: Passed.

Test conditions:

PHP 5.3.10 (Zend)
Apache 2.2 (mod_php5)
Ubuntu 12.04 Precise
Wikimedia Labs instance

1. <?php header('HTTP/1.1 403 Funny');
> HTTP/1.1 403 Forbidden

2. <?php header('HTTP/1.0 403 Funny');
> HTTP/1.1 403 Forbidden

3. <?php header('HTTP/1.3 403 Funny');
> HTTP/1.1 403 Forbidden

4. <?php header('HTTP/1.x 403 Funny');
> HTTP/1.1 403 Forbidden

5. <?php header('HTTP/1.0 403 Not Found', true, 404);
> HTTP/1.1 403 Forbidden

6. <?php header('HTTP/1.1 403 Not Found', true, 404);
> HTTP/1.1 403 Forbidden

Conclusion:

Invalid protocol version: Normalised to 1.1.
Different protocol version: Ignored.
Custom message: Ignored.

Test conditions:

PHP/5.5.9-1ubuntu4.9 (Zend)
Apache 2.4 (mod_php5)
Ubuntu 14 Trusty
Wikimedia Labs instance

1. <?php header('HTTP/1.1 403 Funny');
> HTTP/1.1 403 Funny

2. <?php header('HTTP/1.0 403 Funny');
> HTTP/1.0 403 Funny

3. <?php header('HTTP/1.3 403 Funny');
> HTTP/1.1 403 Funny

4. <?php header('HTTP/1.x 403 Funny');
> HTTP/1.1 403 Funny

5. <?php header('HTTP/1.0 403 Not Found', true, 404);
> HTTP/1.0 403 Not Found

6. <?php header('HTTP/1.1 403 Not Found', true, 404);
> HTTP/1.1 403 Not Found

Conclusion:

Invalid protocol version: Normalised to 1.1.
Different protocol version: Passed.
Custom message: Passed.

Test conditions:

HHVM/3.6.1
Apache
Ubuntu 14.04 Trusty
mw1017.eqiad.wmnet

1. <?php header('HTTP/1.1 403 Funny');
> HTTP/1.1 403 Funny

2. <?php header('HTTP/1.0 403 Funny');
> HTTP/1.1 403 Funny

3. <?php header('HTTP/1.3 403 Funny');
> HTTP/1.1 403 Funny

4. <?php header('HTTP/1.x 403 Funny');
> HTTP/1.1 403 Funny

5. <?php header('HTTP/1.0 403 Not Found', true, 404);
> HTTP/1.1 403 Not Found

6. <?php header('HTTP/1.1 403 Not Found', true, 404);
> HTTP/1.1 403 Not Found

Conclusion:

Invalid protocol version: Normalised to 1.1.
Different protocol version: Ignored.
Custom message: Passed.

I'm not sure that this has anything to do with Librarization unless there is a 3rd party library that you want to pull in to help with standardizing this or a library is somehow going to be extracted from MW and published.

+1 for cleaning this up however and making some uniform and simple way to set the response code.

First, agreed with @bd808, and to add on to that, it would make a lot more sense to just use a third-party library for this functionality in the first place, but of course that would require more cleanup work rather than quick hack.

In T100984#1326036, @Krinkle wrote:

PHP 5.6.9 (Zend)

[...]

PHP 5.3.10 (Zend)

Tests against HHVM to make sure they didn't do anything differently here?

Also, were these tests run with PHP-FPM or some other FastCGI server?

Change 215031 merged by jenkins-bot:
exception: Use standard message for HTTP status 500

https://gerrit.wikimedia.org/r/215031

bd808 mentioned this in rMWd01b5bc95cfd: exception: Use standard message for HTTP status 500.Jun 3 2015, 2:58 AM

https://gerrit.wikimedia.org/r/215031 (branch master): MW-1.26-release, WMF-deploy-2015-06-09_(1.26wmf9)

Krinkle closed this task as Resolved.Jun 4 2015, 10:04 PM

In T100984#1326227, @Anomie wrote:

In T100984#1326036, @Krinkle wrote:

PHP 5.6.9 (Zend)

[...]

PHP 5.3.10 (Zend)

Tests against HHVM to make sure they didn't do anything differently here?

Good point. I've updated the original comment with results from HHVM and PHP 5.5 (as used by Wikimedia). No unexpected behaviour.

Legoktm removed a subscriber: Forrestbot.Jun 29 2015, 5:49 PM

bd808 moved this task from Untriaged to Done on the Librarization board.Jul 22 2015, 11:16 PM

Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:42 PM

Standardise HttpStatus header handlingClosed, ResolvedPublicActions

Description

Details

Related Objects

Event Timeline

Standardise HttpStatus header handling
Closed, ResolvedPublic
Actions