Page MenuHomePhabricator
Create Task
Maniphest T114404

Serve cache control headers for static resources on paymentswiki
Open, MediumPublic2 Estimated Story Points
Actions

Description

For example, https://payments.wikimedia.org/extensions/DonationInterface/gateway_forms/includes/card-visa.png

Response headers are,

Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 19112
Content-Type: image/png
Date: Thu, 01 Oct 2015 19:19:50 GMT
Etag: "241706-4aa8-50931bfc59dc0"
Last-Modified: Tue, 02 Dec 2014 01:35:59 GMT
Server: nginx
strict-transport-security: max-age=15552000

Without a cache-control header, the browser has to make a request for all the images and wait for the HTTP 304 response when the page is reloaded.

Related Objects
Search...

Event Timeline

awight created this task.Oct 1 2015, 7:22 PM
awight raised the priority of this task from to Medium.
awight updated the task description. (Show Details)
awight added projects: Performance Issue, Fundraising-Backlog, fundraising-tech-ops.
awight subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 1 2015, 7:22 PM
DStrine set Security to None.Oct 13 2015, 5:36 PM
DStrine edited a custom field.
DStrine moved this task from Triage to Q3 2021-2022 on the Fundraising-Backlog board.
DStrine moved this task from Q3 2021-2022 to Q4 FY21-22 on the Fundraising-Backlog board.Nov 24 2015, 6:43 PM
mmodell removed a subscriber: awight.Jun 22 2017, 9:48 PM
Jgreen added a parent task: T140311: [Epic] Payments performance tuning.Jun 26 2017, 5:53 PM
Jgreen removed a project: fundraising-tech-ops.Sep 28 2017, 1:17 PM
Jgreen changed the task status from Open to Stalled.Aug 17 2018, 7:27 PM
DStrine moved this task from Q4 FY21-22 to FY 2022-2023 on the Fundraising-Backlog board.May 6 2019, 9:34 PM
Aklapper closed this task as Resolved.May 14 2020, 12:17 PM

Going to the static resources https://donate.wikimedia.org/static/images/project-logos/donatewiki.png the response headers include a line
cache-control: max-age=31536000

Hence assuming this is resolved. If I misunderstood, please reopen. (Also, this task should not have been marked as "stalled" because there is no reason provided.)

Aklapper added a comment.May 14 2020, 12:19 PM

(Ah, though not sure if donate.wikimedia.org == payments.wikimedia.org? I got redirected...)

Ejegg subscribed.EditedMay 14 2020, 3:44 PM

@Aklapper donate.wikimedia.org is a production-cluster wiki that hosts fundraising-related landing pages, thank you pages, and first-step donation forms with suggested amounts. The donor can choose an amount and a general payment method (card/paypal/bank transfer) and is then redirected to payments-wiki.

payments.wikimedia.org is hosted on the fundraising cluster 'frack' and is in PCI-scope (meaning access is much more restricted). It shouldn't be a wiki at all, but because the DonationInterface code was written as a MediaWiki extension it is. DonationInterface collects the donor's personal information and then shows them the card entry or other payment-processor hosted form via iframe or redirect. When the donor returns from the payment processor we finish the transaction on payments-wiki then redirect the donor to the thank you page hosted on donate-wiki.

If you navigate directly to payments-wiki without the querystring values necessary to initiate a payment, you are redirected to the initial forms on donate-wiki.

Ejegg reopened this task as Open.May 14 2020, 3:50 PM

The payments-wiki headers still don't include cache-control. Reopening.

There's a new path for the image: https://payments.wikimedia.org/extensions/DonationInterface/gateway_forms/includes/card-visa-lg.png

Server: nginx
Date: Thu, 14 May 2020 15:47:32 GMT
Content-Type: image/png
Content-Length: 977
Connection: keep-alive
Last-Modified: Fri, 01 Feb 2019 03:08:53 GMT
ETag: "3d1-580cc767af173"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https:
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

Ejegg added a project: fundraising-tech-ops.May 14 2020, 3:52 PM
Aklapper added a comment.May 15 2020, 10:33 AM

Thanks for the correction, and sorry for misunderstanding!

Jgreen moved this task from Triage to Watching on the fundraising-tech-ops board.May 18 2020, 2:35 PM
Jgreen removed a project: fundraising-tech-ops.Feb 23 2021, 2:02 PM
XenoRyet moved this task from FY 2022-2023 to Unscheduled on the Fundraising-Backlog board.Mar 14 2023, 9:57 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL