Page MenuHomePhabricator
Create Task
Maniphest T225655

PHP Warning "headers already sent" from MediaWiki::preOutputCommit during SpecialCentralAutoLogin
Closed, ResolvedPublicPRODUCTION ERROR
Actions

Description

Error

Request URL: GET enwiki /wiki/Special:CentralAutoLogin/setCookies?type=script&return=1&returnto= … &proto=https
Request ID: XQDBUApAICsAAIyT-aMAAAAB

message
PHP Warning: Cannot modify header information - headers already sent by (output started at /srv/mediawiki/php-1.34.0-wmf.8/extensions/CentralAuth/includes/specials/SpecialCentralAutoLogin.php:649)
trace
#1 /srv/mediawiki/php-1.34.0-wmf.8/includes/WebResponse.php(72): header(string, boolean)
#2 /srv/mediawiki/php-1.34.0-wmf.8/includes/MediaWiki.php(672): WebResponse->header(string)
#3 /srv/mediawiki/php-1.34.0-wmf.8/includes/MediaWiki.php(566): MediaWiki::preOutputCommit(RequestContext, Closure)
#4 /srv/mediawiki/php-1.34.0-wmf.8/includes/MediaWiki.php(881): MediaWiki->doPreOutputCommit(Closure)
#5 /srv/mediawiki/php-1.34.0-wmf.8/includes/MediaWiki.php(515): MediaWiki->main()
#6 /srv/mediawiki/php-1.34.0-wmf.8/index.php(42): MediaWiki->run()
#7 /srv/mediawiki/w/index.php(3): require(string)

Impact

The application explicitly tries to add an HTTP response header, but PHP is silently rejecting this attempt because other code in the same process had already started the response body and thus it cannot send response headers any more.

The request continues as if the header was output, without awareness that this operation was skipped. This means anything that relies on this header being present might be confused, corrupted, or become stale without automatic recovery.

Notes

Details

SubjectRepoBranchLines +/-
Various cleanups to MediaWiki::preOutputCommitmediawiki/coremaster+82 -63
Customize query in gerrit

Related Objects

Event Timeline

Krinkle created this task.Jun 12 2019, 6:21 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 12 2019, 6:21 PM
Krinkle added a comment.Jun 12 2019, 6:24 PM

It seems some code in MediaWiki::preOutputCommit that relates to headers is already aware that special pages and other end points are currently allowed to handle their own response (such as Special:Export and Special:CentralAutoLogin do, via OutputPage::disable), and have handling for scenarios where headers are already sent.

However, the following three features do not account for this and currently get silently ignored by PHP, resulting in the above warning:

  1. The UseDC and UseCDNCache cookies.
  2. The X-Database-Lagged: true header.
  3. The X-Response-Substitute: true header.

The sample in the task description is from X-Database-Lagged: true.

Krinkle moved this task from Untriaged to Jun 2019 / 1.34.wmf.8+ on the Wikimedia-production-error board.Jun 14 2019, 1:04 PM
Aklapper added a comment.EditedJun 15 2019, 10:39 PM

Also see T225197: PHP Warning from /w/thumb.php: "Cannot modify header information - headers already sent" and T225657: PHP Warning "headers already sent" from exception reporter for fatals that happen post-send for similar error messages.

Gilles assigned this task to aaron.Jun 17 2019, 8:12 PM
Gilles moved this task from Inbox, needs triage to Doing (old) on the Performance-Team board.
gerritbot added a comment.Jun 18 2019, 10:49 AM

Change 517617 had a related patch set uploaded (by Aaron Schulz; owner: Aaron Schulz):
[mediawiki/core@master] Various cleanups to MediaWiki::preOutputCommit

https://gerrit.wikimedia.org/r/517617

gerritbot added a project: Patch-For-Review.Jun 18 2019, 10:49 AM
gerritbot added a comment.Jun 19 2019, 2:11 AM

Change 517617 merged by jenkins-bot:
[mediawiki/core@master] Various cleanups to MediaWiki::preOutputCommit

https://gerrit.wikimedia.org/r/517617

ReleaseTaggerBot added a project: MW-1.34-notes (1.34.0-wmf.11; 2019-06-26).Jun 19 2019, 3:00 AM
Maintenance_bot removed a project: Patch-For-Review.Jun 19 2019, 3:10 AM
aaron closed this task as Resolved.Jun 19 2019, 11:27 AM
mmodell changed the subtype of this task from "Task" to "Production Error".Aug 28 2019, 11:06 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits