Page MenuHomePhabricator

Serve cache control headers for static resources on paymentswiki
Open, MediumPublic2 Estimated Story Points

Description

For example, https://payments.wikimedia.org/extensions/DonationInterface/gateway_forms/includes/card-visa.png

Response headers are,

Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 19112
Content-Type: image/png
Date: Thu, 01 Oct 2015 19:19:50 GMT
Etag: "241706-4aa8-50931bfc59dc0"
Last-Modified: Tue, 02 Dec 2014 01:35:59 GMT
Server: nginx
strict-transport-security: max-age=15552000

Without a cache-control header, the browser has to make a request for all the images and wait for the HTTP 304 response when the page is reloaded.

Event Timeline

awight raised the priority of this task from to Medium.
awight updated the task description. (Show Details)
awight added a subscriber: awight.
DStrine edited a custom field.
DStrine moved this task from Triage to Q4 2020-2021 on the Fundraising-Backlog board.
Jgreen changed the task status from Open to Stalled.Aug 17 2018, 7:27 PM

Going to the static resources https://donate.wikimedia.org/static/images/project-logos/donatewiki.png the response headers include a line
cache-control: max-age=31536000

Hence assuming this is resolved. If I misunderstood, please reopen. (Also, this task should not have been marked as "stalled" because there is no reason provided.)

(Ah, though not sure if donate.wikimedia.org == payments.wikimedia.org? I got redirected...)

@Aklapper donate.wikimedia.org is a production-cluster wiki that hosts fundraising-related landing pages, thank you pages, and first-step donation forms with suggested amounts. The donor can choose an amount and a general payment method (card/paypal/bank transfer) and is then redirected to payments-wiki.

payments.wikimedia.org is hosted on the fundraising cluster 'frack' and is in PCI-scope (meaning access is much more restricted). It shouldn't be a wiki at all, but because the DonationInterface code was written as a MediaWiki extension it is. DonationInterface collects the donor's personal information and then shows them the card entry or other payment-processor hosted form via iframe or redirect. When the donor returns from the payment processor we finish the transaction on payments-wiki then redirect the donor to the thank you page hosted on donate-wiki.

If you navigate directly to payments-wiki without the querystring values necessary to initiate a payment, you are redirected to the initial forms on donate-wiki.

The payments-wiki headers still don't include cache-control. Reopening.

There's a new path for the image: https://payments.wikimedia.org/extensions/DonationInterface/gateway_forms/includes/card-visa-lg.png

Server: nginx
Date: Thu, 14 May 2020 15:47:32 GMT
Content-Type: image/png
Content-Length: 977
Connection: keep-alive
Last-Modified: Fri, 01 Feb 2019 03:08:53 GMT
ETag: "3d1-580cc767af173"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https:
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

Thanks for the correction, and sorry for misunderstanding!