Page MenuHomePhabricator
Create Task
Maniphest T126697

Special:CentralAutoLogin/checkLoggedIn redirects to wikimediafoundation.org on Beta Cluster
Closed, InvalidPublic
Actions

Description

Observed on http://en.wikipedia.beta.wmflabs.org/wiki/Main_Page
Sequence of events:

http://login.wikimedia.beta.wmflabs.org/wiki/Special:CentralAutoLogin/checkLoggedIn?type=script&wikiid=enwiki&proto=http
301 Moved Permanently
Location:http://wikimediafoundation.org/wiki/Special:CentralAutoLogin/checkLoggedIn?type=script&wikiid=enwiki&proto=http

http://wikimediafoundation.org/wiki/Special:CentralAutoLogin/checkLoggedIn?type=script&wikiid=enwiki&proto=http
307 Internal Redirect
Location:https://wikimediafoundation.org/wiki/Special:CentralAutoLogin/checkLoggedIn?type=script&wikiid=enwiki&proto=http

https://wikimediafoundation.org/wiki/Special:CentralAutoLogin/checkLoggedIn?type=script&wikiid=enwiki&proto=http
404 Not Found

Related Objects

Event Timeline

MaxSem created this task.Feb 12 2016, 12:33 AM
MaxSem raised the priority of this task from to Needs Triage.
MaxSem updated the task description. (Show Details)
MaxSem added projects: MediaWiki-extensions-CentralAuth, Beta-Cluster-Infrastructure.
MaxSem added subscribers: MaxSem, Anomie, Tgr, bd808.
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptFeb 12 2016, 12:33 AM
greg renamed this task from Special:CentralAutoLogin/checkLoggedIn redirects to wikimediafoundation.org on betalabs to Special:CentralAutoLogin/checkLoggedIn redirects to wikimediafoundation.org on Beta Cluster.Feb 12 2016, 12:40 AM
greg set Security to None.
Anomie added a comment.Feb 12 2016, 2:51 AM
$ curl -v 'http://login.wikimedia.beta.wmflabs.org/wiki/Special:CentralAutoLogin/checkLoggedIn?type=script&wikiid=enwiki&proto=http'
*   Trying 208.80.155.135...
* Connected to login.wikimedia.beta.wmflabs.org (208.80.155.135) port 80 (#0)
> GET /wiki/Special:CentralAutoLogin/checkLoggedIn?type=script&wikiid=enwiki&proto=http HTTP/1.1
> Host: login.wikimedia.beta.wmflabs.org
> User-Agent: curl/7.47.0
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Server: Apache
< X-Powered-By: HHVM/3.3.0-static
< Location: http://wikimediafoundation.org/wiki/Special:CentralAutoLogin/checkLoggedIn?type=script&wikiid=enwiki&proto=http
< Content-Type: text/html; charset=iso-8859-1
< Vary: X-Forwarded-Proto
< X-Varnish: 525489233, 2009175075 2006602643
< Via: 1.1 varnish, 1.1 varnish
< Transfer-Encoding: chunked
< Date: Fri, 12 Feb 2016 02:40:36 GMT
< Age: 1414095
< Connection: keep-alive
< X-Cache: deployment-cache-text04 miss (0), deployment-cache-text04 frontend hit (13856)
< Set-Cookie: WMF-Last-Access=12-Feb-2016;Path=/;HttpOnly;Expires=Tue, 15 Mar 2016 00:00:00 GMT
< X-Analytics: nocookies=1
< X-Client-IP: XX.XX.XX.XX
< Cache-Control: private, s-maxage=0, max-age=0, must-revalidate
< Set-Cookie: GeoIP=XXXXX:v4; Path=/; Domain=.wmflabs.org
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://wikimediafoundation.org/wiki/Special:CentralAutoLogin/checkLoggedIn?type=script&amp;wikiid=enwiki&amp;proto=http">here</a>.</p>
</body></html>
* Connection #0 to host login.wikimedia.beta.wmflabs.org left intact
$ curl -v 'http://login.wikimedia.beta.wmflabs.org/wiki/Special:CentralAutoLogin/checkLoggedIn?wikiid=enwiki&proto=http&type=script'
*   Trying 208.80.155.135...
* Connected to login.wikimedia.beta.wmflabs.org (208.80.155.135) port 80 (#0)
> GET /wiki/Special:CentralAutoLogin/checkLoggedIn?wikiid=enwiki&proto=http&type=script HTTP/1.1
> Host: login.wikimedia.beta.wmflabs.org
> User-Agent: curl/7.47.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: Apache
< X-Powered-By: HHVM/3.6.5
< X-Content-Type-Options: nosniff
< P3P: CP="This is not a P3P policy! See http://login.wikimedia.beta.wmflabs.org/wiki/Special:CentralAutoLogin/P3P for more info."
< Vary: Accept-Encoding,Cookie,Authorization
< Backend-Timing: D=158201 t=1455245075339790
< Content-Type: text/javascript; charset=utf-8
< X-Varnish: 1934230840, 2009176186
< Via: 1.1 varnish, 1.1 varnish
< Transfer-Encoding: chunked
< Date: Fri, 12 Feb 2016 02:44:35 GMT
< Age: 0
< Connection: keep-alive
< X-Cache: deployment-cache-text04 miss (0), deployment-cache-text04 frontend miss (0)
< Set-Cookie: WMF-Last-Access=12-Feb-2016;Path=/;HttpOnly;Expires=Tue, 15 Mar 2016 00:00:00 GMT
< X-Analytics: nocookies=1
< X-Client-IP: XX.XX.XX.XX
< Cache-Control: private, s-maxage=0, max-age=0, must-revalidate
< Set-Cookie: GeoIP=XXXXX:v4; Path=/; Domain=.wmflabs.org
< 
/* Not centrally logged in */
* Connection #0 to host login.wikimedia.beta.wmflabs.org left intact
var t=new Date();t.setTime(t.getTime()+86400000);try{localStorage.setItem('CentralAuthAnon',t.getTime());}catch(e){document.cookie='CentralAuthAnon=1; expires='+t.toGMTString()+'; path=/';}

Seems unlikely to be MediaWiki, since the same request with parameters in a different order is being handled differently. The bad response is also missing the X-Content-Type-Options: nosniff header that's added early in WebStart.php, has charset=iso-8859-1 rather than charset=utf-8, and has a redirect body that's more like what Apache generically sets than anything MediaWiki does.

MaxSem added projects: SRE, Wikimedia-Apache-configuration.Feb 12 2016, 2:54 AM
Tgr added a comment.Feb 12 2016, 4:31 AM

Maybe during T124804 some redirect responses got cached.

Krenair closed this task as Invalid.Apr 10 2016, 12:52 AM
Krenair subscribed.

Likely a cached issue as @Tgr suggested because I can not reproduce this now.

MarcoAurelio moved this task from Backlog to Done on the MediaWiki-extensions-CentralAuth board.Dec 15 2016, 4:17 PM
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:28 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL