Page MenuHomePhabricator

Enable CORS for error responses from ORES
Closed, ResolvedPublic

Description

I'm getting this on itwiki when I visit the recent changes with ScoredRevisions enabled:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://ores.wmflabs.org/scores/itwiki/?models=reverted&revids=76746562%7C76746557%7C76746552%7C76746549%7C76746544%7C76746543%7C76746538%7C76746537%7C76746536%7C76746531%7C76746530%7C76746529%7C76746528%7C76746524%7C76746519%7C76746518%7C76746515%7C76746514%7C76746512%7C76746510%7C76746507%7C76746501%7C76746499%7C76746495%7C76746491%7C76746490%7C76746485%7C76746483%7C76746482%7C76746481%7C76746480%7C76746477%7C76746470%7C76746469%7C76746466%7C76746462%7C76746458%7C76746456%7C76746455%7C76746448%7C76746444%7C76746429%7C76746428%7C76746427%7C76746418%7C76746408%7C76746406%7C76746404%7C76746389. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

Accessing the link directly in the browser shows this response:

{
  "error": {
    "code": "server overloaded",
    "message": "Cannot process your request because the server is overloaded.  Try again in a few minutes."
  }
}

Event Timeline

He7d3r created this task.Nov 22 2015, 11:25 AM
He7d3r updated the task description. (Show Details)
He7d3r raised the priority of this task from to Needs Triage.
He7d3r added a subscriber: He7d3r.
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptNov 22 2015, 11:25 AM
Halfak added a subscriber: Halfak.Mar 30 2016, 4:30 PM

Just ran a test and I was able to replicate this by

  1. Go to https://en.wikipedia.org
  2. Open dev console
  3. Paste $.ajax("https://ores.wmflabs.org/scores/itwiki/?models=reverted&revids=notanint")

In chrome, I get:

XMLHttpRequest cannot load https://ores.wmflabs.org/scores/itwiki/?models=reverted&revids=butts. 
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'https://en.wikipedia.org' is therefore not allowed access. The response had HTTP status code 400.

But if instead, I paste $.ajax("https://ores.wmflabs.org/scores/itwiki/?models=reverted&revids=123"), I get no error because the response is 200.

Looks like this is what defines our CORS: https://github.com/wikimedia/operations-puppet/blob/production/modules/role/templates/ores/lb.nginx.erb

@yuvipanda originally set this up, so maybe he has an idea for why it doesn't work with non-200 responses.

Ladsgroup claimed this task.May 9 2016, 5:35 AM
Ladsgroup added a project: Wikilabels.

Same happens with Wikilabels. It's pretty easy to fix.

Change 287566 had a related patch set uploaded (by Ladsgroup):
Enable CORS for ORES regardless of response code

https://gerrit.wikimedia.org/r/287566

Change 287566 merged by Yuvipanda:
ores: Enable CORS regardless of response code

https://gerrit.wikimedia.org/r/287566

Halfak closed this task as Resolved.May 10 2016, 8:44 PM