Page MenuHomePhabricator

Forward request data in proxied Action API modules
Closed, ResolvedPublic

Description

Some Action API modules proxy data from another API (e.g. ORES, Pageviews). Such modules should forward the request IP and user agent when making requests to the upstream API so client throttling / banning can be properly done upstream. For IP, this probably means setting X-Forwarded-For (and it would be the upstream's responsibility to have a whitelist of what sources to trust XFF from); for the user agent, maybe add an X-UA-Original header?

Details

Related Gerrit Patches:
mediawiki/extensions/ORES : masterForward request data to ORES API
mediawiki/extensions/PageViewInfo : masterForward request details to upstream API
mediawiki/core : masterMWHttpRequest: optionally add original request data

Event Timeline

Tgr created this task.Mar 21 2017, 8:07 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 21 2017, 8:07 PM
Tgr renamed this task from Forward request data in proxied Action API modiles to Forward request data in proxied Action API modules.Mar 23 2017, 12:25 AM

Change 344809 merged by jenkins-bot:
[mediawiki/core@master] MWHttpRequest: optionally add original request data

https://gerrit.wikimedia.org/r/344809

Change 344816 merged by jenkins-bot:
[mediawiki/extensions/PageViewInfo@master] Forward request details to upstream API

https://gerrit.wikimedia.org/r/344816

Tgr added a comment.May 25 2017, 3:10 PM

https://gerrit.wikimedia.org/r/#/c/344815/ (which was the real point of the exercise) still needs to be merged.

Change 344815 merged by jenkins-bot:
[mediawiki/extensions/ORES@master] Forward request data to ORES API

https://gerrit.wikimedia.org/r/344815

Tgr closed this task as Resolved.May 25 2017, 9:33 PM
Tgr claimed this task.
Jdforrester-WMF added a subscriber: Jdforrester-WMF.

Mass-moving all items tagged for MediaWiki 1.30.0-wmf.3, as that was never released; instead, we're using -wmf.4.