Page MenuHomePhabricator
Create Task
Maniphest T103807

Wikidata use the wrong HTTP-code for content negotiation
Closed, InvalidPublic
Actions

Description

Not quite sure if the content negotiation is part of the extension or the site setup. I think it happen after the first hit on the Special:EntityData, and therefore is part of the extension.

During negotiation between the external client (as in web browser) and the repo the sequence is now HTTP 301 (secure connection) - HTTP 303 (address resolution) - HTTP 303 (content negotiation) - HTTP 200 (content delivery).

The response code for address resolution should be HTTP 303 See other (correct impl., Cool URIs for the Semantic Web) while content negotiation should be HTTP 302 Found (wrong impl., On Linking Alternative Representations To Enable Discovery And Publishing).

There are a lot of sites that use "HTTP 301 Moved permanently" and "HTTP 303 See other" for content negotiation, but "HTTP 302 Found" (also called "HTTP 302 Moved temporarily") is the correct one. See also HTTP/1.1: Status Code Definitions.

Server responses

john@heimdal:~/tmp$ wget -S www.wikidata.org/entity/Q36661
--2015-06-25 10:59:13--  http://www.wikidata.org/entity/Q36661
Slår opp vertsnavn www.wikidata.org (www.wikidata.org) … 91.198.174.192, 2620:0:862:ed1a::1
Kobler til www.wikidata.org (www.wikidata.org)|91.198.174.192|:80 … tilkoblet.
HTTP forespørsel sendt. Venter på svar … 
  HTTP/1.1 301 TLS Redirect
  Server: Varnish
  Location: https://www.wikidata.org/entity/Q36661
  Content-Length: 0
  Accept-Ranges: bytes
  Date: Thu, 25 Jun 2015 08:59:14 GMT
  X-Varnish: 1438332533
  Age: 0
  Via: 1.1 varnish
  Connection: close
  X-Cache: cp3008 frontend miss (0)
  Set-Cookie: GeoIP=NO:11:Lillehammer:61.1333:10.5000:v4; Path=/; Domain=.wikidata.org
  Set-Cookie: WMF-Last-Access=25-Jun-2015;Path=/;HttpOnly;Expires=Mon, 27 Jul 2015 00:00:00 GMT
Plassering: https://www.wikidata.org/entity/Q36661 [følgende]
--2015-06-25 10:59:14--  https://www.wikidata.org/entity/Q36661
Kobler til www.wikidata.org (www.wikidata.org)|91.198.174.192|:443 … tilkoblet.
HTTP forespørsel sendt. Venter på svar … 
  HTTP/1.1 303 See Other
  Server: nginx/1.9.2
  Date: Thu, 25 Jun 2015 08:59:14 GMT
  Content-Type: text/html; charset=iso-8859-1
  Content-Length: 262
  Connection: keep-alive
  X-Powered-By: HHVM/3.3.0-static
  Location: https://www.wikidata.org/wiki/Special:EntityData/Q36661
  X-Varnish: 2371060664, 1854837344, 134795471
  Via: 1.1 varnish, 1.1 varnish, 1.1 varnish
  Accept-Ranges: bytes
  Age: 0
  X-Cache: cp1053 miss (0), cp3041 miss (0), cp3041 frontend miss (0)
  Strict-Transport-Security: max-age=1209600
  X-Analytics: https=1;WMF-Last-Access=25-Jun-2015
Plassering: https://www.wikidata.org/wiki/Special:EntityData/Q36661 [følgende]
--2015-06-25 10:59:15--  https://www.wikidata.org/wiki/Special:EntityData/Q36661
Bruker etablert tilkobling til www.wikidata.org:443 på nytt.
HTTP forespørsel sendt. Venter på svar … 
  HTTP/1.1 303 See Other               <<== WRONG CODE
  Server: nginx/1.9.2
  Date: Thu, 25 Jun 2015 08:59:15 GMT
  Content-Type: text/html; charset=utf-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  X-Powered-By: HHVM/3.6.1
  X-Content-Type-Options: nosniff
  Vary: Accept-Encoding,X-Forwarded-Proto,Cookie
  Expires: Thu, 01 Jan 1970 00:00:00 GMT
  Location: https://www.wikidata.org/wiki/Special:EntityData/Q36661.json
  Last-Modified: Thu, 25 Jun 2015 08:59:15 GMT
  X-Varnish: 2436456097, 3983484236, 134797070
  Via: 1.1 varnish, 1.1 varnish, 1.1 varnish
  Age: 0
  X-Cache: cp1067 miss (0), cp3005 miss (0), cp3041 frontend miss (0)
  Strict-Transport-Security: max-age=1209600
  Cache-Control: private, s-maxage=0, max-age=0, must-revalidate
  X-Analytics: https=1;WMF-Last-Access=25-Jun-2015
Plassering: https://www.wikidata.org/wiki/Special:EntityData/Q36661.json [følgende]
--2015-06-25 10:59:15--  https://www.wikidata.org/wiki/Special:EntityData/Q36661.json
Bruker etablert tilkobling til www.wikidata.org:443 på nytt.
HTTP forespørsel sendt. Venter på svar … 
  HTTP/1.1 200 OK
  Server: nginx/1.9.2
  Date: Thu, 25 Jun 2015 08:59:15 GMT
  Content-Type: application/json; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  X-Content-Type-Options: nosniff
  X-Powered-By: HHVM/3.6.1
  Access-Control-Allow-Origin: *
  X-Frame-Options: DENY
  Vary: Accept-Encoding
  Last-Modified: Sat, 13 Jun 2015 14:37:25 GMT
  X-Varnish: 2033080611, 3336853391, 134798470 125619796
  Via: 1.1 varnish, 1.1 varnish, 1.1 varnish
  Age: 1890
  X-Cache: cp1066 miss (0), cp3008 miss (0), cp3041 frontend hit (2)
  Strict-Transport-Security: max-age=1209600
  Cache-Control: private, s-maxage=0, max-age=0, must-revalidate
  X-Analytics: https=1;WMF-Last-Access=25-Jun-2015
Lengde: ikke angitt [application/json]
Lagrer til: «Q36661»

Related Objects

Event Timeline

jeblad created this task.Jun 25 2015, 9:53 AM
jeblad raised the priority of this task from to Needs Triage.
jeblad updated the task description. (Show Details)
jeblad added a project: MediaWiki-extensions-WikibaseRepository.
jeblad subscribed.
Restricted Application added a project: Wikidata. · View Herald TranscriptJun 25 2015, 9:53 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
jeblad updated the task description. (Show Details)Jun 25 2015, 9:57 AM
jeblad set Security to None.
Lydia_Pintscher moved this task from incoming to hold on the Wikidata board.Jun 26 2015, 11:14 AM
Lydia_Pintscher added subscribers: Lydia_Pintscher, daniel.
daniel closed this task as Invalid.Aug 25 2015, 2:51 PM
daniel claimed this task.

As per http://www.w3.org/TR/cooluris/#r303gendocument 303 is correct for content negotiation for linked data.

jeblad added a comment.Nov 24 2015, 10:11 AM

Sorry but you misunderstood. We are now sending 301 - 303 - 303 - 200 while the sequence should be 303 - 302 - 200. We are doing a content negotiation on a redirect. This is wrong. The correct code for _content_negotiation_ (ie content type for entity description) is 302. The correct one for _address_resolution_ (ie redirect for entity description) is 303.

Restricted Application added a subscriber: StudiesWorld. · View Herald TranscriptNov 24 2015, 10:11 AM
daniel added a comment.Nov 24 2015, 6:04 PM

@jeblad Section 4.3 of the W3C document disagrees with you: it clearly states that 303 can and should be used for content negotiation. How about this? T119536: wikidata.org/entity/Q12345 should do content negotiation immediately, instead of redirecting to wikidata.org/wiki/Special:EntityData/Q36661 first

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL