Page MenuHomePhabricator
Create Task
Maniphest T108101

Isolate wikidata.org cookies and CORS policies
Closed, ResolvedPublic
Actions

Description

If we're deploying wqds to a wikidata.org subdomain,

  • cookies for the domain need to be set for explicit subdomains that need them
  • CORS policy needs to be updated to whitelist only subdomains that need it

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Isolate wikidata.org cookies and CORS policiesoperations/mediawiki-configmaster+3 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

csteipp created this task.Aug 5 2015, 9:02 PM
csteipp raised the priority of this task from to Medium.
csteipp updated the task description. (Show Details)
csteipp added projects: Wikidata-Query-Service, Wikidata, Discovery-ARCHIVED.
csteipp added subscribers: JohnLewis, hoo, GWicke and 23 others.
Smalyshev added a project: Discovery-Wikidata-Query-Service-Sprint.Aug 5 2015, 10:35 PM
Smalyshev set Security to None.
MrStradivarius unsubscribed.Aug 6 2015, 4:04 PM
Smalyshev raised the priority of this task from Medium to High.Aug 6 2015, 8:13 PM
Lydia_Pintscher moved this task from incoming to monitoring on the Wikidata board.Aug 7 2015, 4:29 PM
gerritbot added a comment.Aug 7 2015, 10:49 PM

Change 230247 had a related patch set uploaded (by Legoktm):
Isolate wikidata.org cookies and CORS policies

https://gerrit.wikimedia.org/r/230247

gerritbot added a project: Patch-For-Review.Aug 7 2015, 10:49 PM
Smalyshev added a parent task: T90115: BlazeGraph Security Review.Aug 12 2015, 12:04 AM
csteipp mentioned this in T90115: BlazeGraph Security Review.Aug 12 2015, 8:20 PM
gerritbot added a comment.Aug 12 2015, 11:01 PM

Change 230247 merged by jenkins-bot:
Isolate wikidata.org cookies and CORS policies

https://gerrit.wikimedia.org/r/230247

Legoktm mentioned this in rOMWC0275738d2d10: Isolate wikidata.org cookies and CORS policies.Aug 12 2015, 11:02 PM
Legoktm closed this task as Resolved.Aug 12 2015, 11:05 PM
Legoktm claimed this task.

Deployed. I'll send a heads-up to wikidata-tech about this change.

Legoktm added a comment.Aug 12 2015, 11:14 PM

https://lists.wikimedia.org/pipermail/wikidata-tech/2015-August/000813.html

Smalyshev moved this task from Backlog to Done on the Discovery-Wikidata-Query-Service-Sprint board.Aug 12 2015, 11:30 PM
jeremyb-phone added a subscriber: jeremyb.Aug 13 2015, 12:28 PM
JanZerebecki reopened this task as Open.Aug 14 2015, 12:39 PM

It seems we forgot about m.wikidata.org .

csteipp added a comment.Aug 14 2015, 2:46 PM

m.wikidata.org will get fixed with a general mobile fix-- it should already
work for non-js browsers. I just haven't had the time to put in the js fix,
but if wikidata is getting significant mobile traffic, I can up the
priority of that.

Lydia_Pintscher added a comment.Aug 14 2015, 3:08 PM

It does not right now but that will hopefully change in the next month depending on Bene's work during his internship. He'll make the mobile version work better so we can hopefully then switch to redirecting people on mobile there by default.

JanZerebecki moved this task from monitoring to ready to go on the Wikidata board.Aug 14 2015, 5:22 PM
JanZerebecki moved this task from ready to go to consider for next sprint on the Wikidata board.
csteipp added a comment.Aug 14 2015, 6:51 PM

Thanks Lydia. T100413 is the task for that work.

Lydia_Pintscher moved this task from consider for next sprint to ready to go on the Wikidata board.Aug 17 2015, 1:23 PM
Smalyshev removed projects: Discovery-Wikidata-Query-Service-Sprint, Discovery-ARCHIVED, Wikidata-Query-Service.Aug 20 2015, 6:49 PM
Legoktm removed Legoktm as the assignee of this task.Sep 7 2015, 5:02 AM
JanZerebecki added a subtask: T100413: "You are centrally logged in." toast on every page view on commons.Sep 10 2015, 11:54 AM
JanZerebecki moved this task from ready to go to blocked on others on the Wikidata board.
JanZerebecki removed a subtask: T100413: "You are centrally logged in." toast on every page view on commons.Sep 10 2015, 11:57 AM
JanZerebecki closed this task as Resolved.Sep 10 2015, 12:01 PM

The m.wikidata.org regression is tracked in T112087.

hoo closed subtask T112087: [Bug] m.wikidata.org is not CORS whitelisted as Resolved.Sep 16 2015, 3:10 PM
Jonas mentioned this in T138214: CORS policies should allow scripts from query.wikidata.org to edit www.wikidata.org.Jun 20 2016, 12:09 PM
Lucas_Werkmeister_WMDE mentioned this in T218568: Allow CORS from query.wikidata.org to production wikis.Mar 18 2019, 1:15 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits