Page MenuHomePhabricator
Create Task
Maniphest T217348

Scheme-less URLs in mobile-html
Closed, ResolvedPublic
Actions

Description

Background information

In order to present articles while offline, the iOS app uses a custom scheme to provide permanently cached versions of files to the web view. To have that custom scheme automatically apply to all of the https URLs within the mobile-html response, they would need to be re-written as scheme-less.

What

Replace all https URLs (including js and css) with scheme-less equivalents. For example it would be //meta.wikimedia.org/api/rest_v1/data/css/mobile/base instead of https://meta.wikimedia.org/api/rest_v1/data/css/mobile/base

Open questions

URLs that aren't https won't work offline. Is this an issue?

Acceptance criteria

  • Articles returned by the mobile-html endpoint have https urls replaced with their scheme-less equivalents

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Make URLs scheme-less on mobile-html responsemediawiki/services/mobileappsmaster+73 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

JoeWalsh created this task.Feb 28 2019, 5:13 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 28 2019, 5:13 PM
bearND moved this task from Needs triage to Kanban on the Product-Infrastructure-Team-Backlog-Deprecated board.Feb 28 2019, 6:06 PM
bearND edited projects, added Product-Infrastructure-Team-Backlog-Deprecated (Kanban); removed Product-Infrastructure-Team-Backlog-Deprecated.
MSantos subscribed.Mar 1 2019, 9:21 PM

@JoeWalsh does that apply to <source> tags like:

<source src="https://upload.wikimedia.org/wikipedia/commons/8/83/Mothercatandkitten-malawi-2018.webm" type="video/webm; codecs=&quot;vp8&quot;" data-file-width="770" data-file-height="540" data-title="Original WebM file, 770 × 540 (2.09 Mbps)" data-shorttitle="WebM source">

From: view-source:https://en.wikipedia.org/api/rest_v1/page/mobile-html/Cat#External_links

MSantos claimed this task.Mar 1 2019, 9:23 PM
MSantos triaged this task as Medium priority.
MSantos added a project: Page Content Service.
MSantos moved this task from To Do to Doing on the Product-Infrastructure-Team-Backlog-Deprecated (Kanban) board.
JoeWalsh added a comment.EditedMar 1 2019, 9:32 PM

@MSantos yes, it should apply to source tags as well. I'm not sure that we'll actually save videos or audio for offline in the first iteration, but it would be nice to have the option available for the future

gerritbot subscribed.Mar 1 2019, 11:47 PM

Change 493770 had a related patch set uploaded (by MSantos; owner: MSantos):
[mediawiki/services/mobileapps@master] Make URLs scheme-less on mobile-html response

https://gerrit.wikimedia.org/r/493770

gerritbot added a project: Patch-For-Review.Mar 1 2019, 11:47 PM
MSantos added a comment.Mar 1 2019, 11:52 PM

@JoeWalsh Thanks for the input!

MSantos moved this task from Doing to Code Review on the Product-Infrastructure-Team-Backlog-Deprecated (Kanban) board.Mar 1 2019, 11:52 PM
NHarateh_WMF subscribed.Mar 4 2019, 6:51 PM
NHarateh_WMF mentioned this in T217349: mobile-html-offline-resources endpoint.Mar 5 2019, 3:59 PM
JoeWalsh added a subscriber: bearND.Mar 5 2019, 4:48 PM

@MSantos @bearND The issue we're running into with the current implementation is that the x-content-security-policy header excludes custom schemes for script-src and style-src. Could they be updated to be less restrictive? The app works with the app:// scheme URLs added:

...script-src app://meta.wikimedia.org https://meta.wikimedia.org 'unsafe-inline'; style-src app://meta.wikimedia.org https://meta.wikimedia.org app://*.wikipedia.org https://*.wikipedia.org 'self' 'unsafe-inline';...

But would be open to other suggestions as well if there's a better way.

bearND added a comment.Mar 12 2019, 3:35 PM

@JoeWalsh app:// looks good to me.

bearND mentioned this in T218147: Allow app:// protocol in mobile-html CSP headers.Mar 12 2019, 7:33 PM
gerritbot added a comment.Mar 13 2019, 6:02 PM

Change 493770 merged by jenkins-bot:
[mediawiki/services/mobileapps@master] Make URLs scheme-less on mobile-html response

https://gerrit.wikimedia.org/r/493770

bearND added a comment.Mar 13 2019, 8:30 PM

Deployed a few minutes ago deploy/2019-03-13/5f8e4e61.

bearND moved this task from Code Review to Sign off on the Product-Infrastructure-Team-Backlog-Deprecated (Kanban) board.Mar 13 2019, 8:31 PM
bearND added a parent task: T177433: Develop HTML Content API to be used with companion structured JSON APIs.Mar 15 2019, 7:47 PM
MSantos closed this task as Resolved.Apr 12 2019, 4:37 PM
MSantos closed subtask T218147: Allow app:// protocol in mobile-html CSP headers as Resolved.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits