Page MenuHomePhabricator
Create Task
Maniphest T134845

New GeoIP service endpoint that returns JSON, not JSONP
Closed, DeclinedPublic2 Estimated Story Points
Actions

Description

If Varnish fails to add geolocation headers, or on non-WMF wikis, CentralNotice will fall back to a JSONP request to https://geoiplookup.wikimedia.org/ which sets the window.Geo variable.

That's a needless security risk for users, and as I understand it most browsers will block such a request anyway. We should change the hosted endpoint to serve JSON at https://geoiplookup.wikimedia.org/v2 or something, and fix the CORS, or otherwise debug why fresh installs won't geolocate correctly.

Related Objects

Event Timeline

awight created this task.May 10 2016, 6:43 AM
Restricted Application added subscribers: Zppix, Aklapper. · View Herald TranscriptMay 10 2016, 6:43 AM
awight added a comment.EditedMay 10 2016, 7:32 AM

As you can tell, I barely know enough about CORS to write this bug. But I changed the ext.centralNotice.geoIP.js ajax call to use dataType=json, and although the request still fails, it at least allows Firefox to reach the "always" callback. Otherwise, there is a silent failure and reallyChooseAndMaybeDisplay is never called.

awight added a comment.May 10 2016, 7:40 AM

This is a known bug in jQuery 1.x, see Krinkle's work here!
https://github.com/jquery/jquery/issues/2413

DStrine set the point value for this task to 2.May 10 2016, 8:06 PM
DStrine moved this task from Triage to Q4 FY21-22 on the Fundraising-Backlog board.
mmodell removed a subscriber: awight.Jun 22 2017, 9:40 PM
Krinkle closed this task as Declined.Jul 11 2017, 4:28 AM
Krinkle subscribed.

Closing, as this task seems obsolete.

See also:

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL