Rollback upgrade and create plan for shorter tests
Closed, Resolved · Public

Description

@MBeat33 will be discussing this with Advancement during standup today. There were more bugs related to the CSP header over the weekend, and we want to get out of the mode of having to test on production.

@Ejegg and @cwdent are also currently discussing another option.

We would also need a plan to be able to do one-to-three hour tests before we roll this out again, and a timeline for when we'd sunset the older version before it is unsupported or there is a vulnerability with no fix.

Event Timeline

mepps created this task. Apr 1 2019, 3:45 PM
Restricted Application added a subscriber: Aklapper. Apr 1 2019, 3:45 PM
mepps added a comment. Apr 1 2019, 8:03 PM

Our next step is to update the CSP settings, and test both ourselves, and see if we can get any in-country donors to test. Then we can switch back over during higher traffic European times, and do a live test for a few hours. @cwdent @Ejegg does that sound right to you?

Jgreen added a subscriber: Jgreen. Apr 2 2019, 3:12 PM

> Our next step is to update the CSP settings, and test both ourselves, and see if we can get any in-country donors to test. Then we can switch back over during higher traffic European times, and do a live test for a few hours. @cwdent @Ejegg does that sound right to you?

We're running a no-op CSP header on the codfw cluster as of yesterday afternoon, testable via https://payments.frdev.wikimedia.org. Before we switch back we have to remember to adjust the hostname!

Ejegg added a comment. Apr 2 2019, 4:13 PM

payments.frdev tested in Firefox and Chrome on Linux, working well.

We can use the links from https://etherpad.wikimedia.org/p/PaymentsPhp7Test. New section created at the top for this re-test.

Ejegg added a comment. Apr 2 2019, 6:47 PM

Tested on Win10 (IE11 & Edge) and iPhone / Safari.

No problems, except one with Amazon on iPhone that seems to be present on both versions of the site, and is therefore probably unrelated to CSP: https://phabricator.wikimedia.org/T219905

mepps added a comment. Apr 4 2019, 4:49 PM

@cwdent @Jeff_Green @Ejegg where are we on testing this?

Ejegg added a subscriber: DStrine. Edited · Apr 4 2019, 5:07 PM

@mepps: @DStrine and I have tested on multiple browsers on desktop and mobile, see https://etherpad.wikimedia.org/p/PaymentsPhp7Test.

We haven't gotten any testers in SE to see how the 3DS flow works.

mepps added a comment. Apr 19 2019, 1:40 PM

@cwdent @Ejegg can we close this now? Or should we work on a test plan for the next upgrade first perhaps?

DStrine closed this task as Resolved. Apr 30 2019, 8:12 PM