Page MenuHomePhabricator

Selecting "Good Pictures" button in Commons categories does not do anything (due to HTTP 502 error on http://fastcci1.wmflabs.org)
Open, Needs TriagePublicBUG REPORT

Description

Steps to Reproduce:
Install Firefox
Open https://commons.wikimedia.org/wiki/Category:Conifer_leaves
Open browser console (in tools, web developer menu)
Clear console
Click "good pictures"

Actual Results:

"Content Security Policy: The page’s settings observed the loading of a resource at https://fastcci1.wmflabs.org/?c1=1685819&d1=15&s=200&a=fqv (“default-src”). A CSP report is being sent." in the browser console

Expected Results:

I see list of good pictures

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 3 2019, 5:31 AM

It is failing also in Chromium, though I failed to find browse console in it.

Aklapper renamed this task from Good pictures button blocked by content security policy in Firefox to "Good Pictures" button in Commons Categories blocked by content security policy.Jul 3 2019, 9:45 AM

In case that it is not reproducible by other with default browser setup I am willing to make more extensive tests.

For now it seems to me like error not caused by some of settings that I changed (given breakage on a plain Chromium with default settings).

Digging around I found T207900 and https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/481206/

I'm able to reproduce this in Firefox. I see these headers:
content-security-policy-report-only: script-src 'unsafe-eval' 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline'; default-src 'self' data: blob: https://upload.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org; style-src 'self' data: blob: https://upload.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1&

Shouldn't wmflabs.org be in that list? @Krinkle can you have a look at this?

@Multichill: No, I don't think so. See T223840

TheDJ added a subscriber: TheDJ.Jul 8 2019, 7:42 AM

I don't think this is related to CSP. The server now doesn't respond at all for me, not even via curl. I get a 502 bad gateway after about 10 seconds or something.

curl -v "https://fastcci1.wmflabs.org/?c1=1685819&d1=15&s=200&a=fqv"
and
curl -v "http://fastcci1.wmflabs.org/status"

Aklapper renamed this task from "Good Pictures" button in Commons Categories blocked by content security policy to Selecting "Good Pictures" button in Commons Categories does not do anything.Jul 8 2019, 8:30 AM
Aklapper added a project: Tools.
Aklapper edited projects, added VPS-Projects; removed Tools.

The CSP report is still a soft warning. wmflabs indeed does not belong in its whitelist by default. However before CSP will be enforced, indeed there will be a way for users and/or gadgets to add additional origins. This is unrelated to the issue at hand, however.

Krinkle removed a subscriber: Krinkle.Jul 9 2019, 8:03 PM
TheDJ added a subscriber: dschwen.Jul 25 2019, 8:12 PM

[Error] Origin https://commons.wikimedia.org is not allowed by Access-Control-Allow-Origin.
[Error] XMLHttpRequest cannot load https://fastcci2.wmflabs.org/?c1=1685819&d1=15&s=200&a=fqv due to access control checks.
[Error] Failed to load resource: Origin https://commons.wikimedia.org is not allowed by Access-Control-Allow-Origin. (fastcci2.wmflabs.org, line 0)

fastcci.wmflabs.org doesn't appear to be online. gives 500s
I think that is a project by @dschwen ? I believe he is a bit busy these days..

Aklapper renamed this task from Selecting "Good Pictures" button in Commons Categories does not do anything to Selecting "Good Pictures" button in Commons categories does not do anything (due to HTTP 502 error on http://fastcci1.wmflabs.org).Jul 28 2019, 4:16 PM