Page MenuHomePhabricator
Create Task
Maniphest T119325

Enable CORS for error responses from ORES
Closed, ResolvedPublic
Actions

Description

I'm getting this on itwiki when I visit the recent changes with ScoredRevisions enabled:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://ores.wmflabs.org/scores/itwiki/?models=reverted&revids=76746562%7C76746557%7C76746552%7C76746549%7C76746544%7C76746543%7C76746538%7C76746537%7C76746536%7C76746531%7C76746530%7C76746529%7C76746528%7C76746524%7C76746519%7C76746518%7C76746515%7C76746514%7C76746512%7C76746510%7C76746507%7C76746501%7C76746499%7C76746495%7C76746491%7C76746490%7C76746485%7C76746483%7C76746482%7C76746481%7C76746480%7C76746477%7C76746470%7C76746469%7C76746466%7C76746462%7C76746458%7C76746456%7C76746455%7C76746448%7C76746444%7C76746429%7C76746428%7C76746427%7C76746418%7C76746408%7C76746406%7C76746404%7C76746389. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

Accessing the link directly in the browser shows this response:

{
  "error": {
    "code": "server overloaded",
    "message": "Cannot process your request because the server is overloaded.  Try again in a few minutes."
  }
}

Details

SubjectRepoBranchLines +/-
ores: Enable CORS regardless of response codeoperations/puppetproduction+1 -1
Customize query in gerrit

Related Objects

Event Timeline

He7d3r created this task.Nov 22 2015, 11:25 AM
He7d3r raised the priority of this task from to Needs Triage.
He7d3r updated the task description. (Show Details)
He7d3r added projects: ORES, Machine-Learning-Team (Active Tasks).
He7d3r subscribed.
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptNov 22 2015, 11:25 AM
Halfak edited projects, added Machine-Learning-Team; removed Machine-Learning-Team (Active Tasks).Mar 30 2016, 2:55 PM
Halfak moved this task from Unsorted to Maintenance/cleanup on the Machine-Learning-Team board.Mar 30 2016, 4:25 PM
Halfak subscribed.Mar 30 2016, 4:30 PM

Just ran a test and I was able to replicate this by

  1. Go to https://en.wikipedia.org
  2. Open dev console
  3. Paste $.ajax("https://ores.wmflabs.org/scores/itwiki/?models=reverted&revids=notanint")

In chrome, I get:

XMLHttpRequest cannot load https://ores.wmflabs.org/scores/itwiki/?models=reverted&revids=butts. 
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'https://en.wikipedia.org' is therefore not allowed access. The response had HTTP status code 400.

But if instead, I paste $.ajax("https://ores.wmflabs.org/scores/itwiki/?models=reverted&revids=123"), I get no error because the response is 200.

Halfak added a subscriber: yuvipanda.Mar 30 2016, 4:35 PM

Looks like this is what defines our CORS: https://github.com/wikimedia/operations-puppet/blob/production/modules/role/templates/ores/lb.nginx.erb

@yuvipanda originally set this up, so maybe he has an idea for why it doesn't work with non-200 responses.

Ladsgroup claimed this task.May 9 2016, 5:35 AM
Ladsgroup added a project: Wikilabels.

Same happens with Wikilabels. It's pretty easy to fix.

gerritbot subscribed.May 9 2016, 5:41 AM

Change 287566 had a related patch set uploaded (by Ladsgroup):
Enable CORS for ORES regardless of response code

https://gerrit.wikimedia.org/r/287566

gerritbot added a project: Patch-For-Review.May 9 2016, 5:41 AM
gerritbot added a comment.May 9 2016, 7:18 AM

Change 287566 merged by Yuvipanda:
ores: Enable CORS regardless of response code

https://gerrit.wikimedia.org/r/287566

Ladsgroup edited projects, added Machine-Learning-Team (Active Tasks); removed Patch-For-Review, Machine-Learning-Team.May 9 2016, 7:42 AM
Ladsgroup moved this task from Parked to Completed on the Machine-Learning-Team (Active Tasks) board.
Halfak closed this task as Resolved.May 10 2016, 8:44 PM
He7d3r added a comment.May 15 2016, 12:53 AM

:-)

yuvipanda mentioned this in rOPUP922e00209ffe: ores: Enable CORS regardless of response code.Jun 17 2016, 6:10 PM
Ladsgroup mentioned this in rOPUP3e4decfada0c: Enable CORS for ORES regardless of response code.Jun 17 2016, 6:10 PM
Phabricator_maintenance added a project: User-Ladsgroup.Aug 12 2016, 8:09 PM
Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 6:46 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits