Internal API HTTP requests should hit the app server internal service IP, not the public HTTPS URL
Open, Needs Triage, Public

Description

Per @CDanis.

Off the top of my head, GlobalUserPage needs updating; definitely there are others.

Rough codesearch: https://codesearch.wmflabs.org/operations/?q=https%3A%2F%2F&i=nope&files=php%24&repos=Wikimedia%20MediaWiki%20config

Event Timeline

Legoktm created this task. Jan 26 2020, 9:39 PM
Restricted Application added a subscriber: Aklapper. Jan 26 2020, 9:39 PM

The ones I can think of off the top of my head:

  • Commons file descriptions (wmf-config/filebackend.php)
  • GlobalUserPage
  • Babel (T243726)
  • CirrusSearch config
  • SpamBlacklist
  • JsonConfig

Restricted Application added a project: Core Platform Team. Jan 26 2020, 9:47 PM
Restricted Application added a project: Discovery-Search. Jan 26 2020, 9:48 PM

@Jdforrester-WMF I don't think any of these merit fixing in the extensions themselves, rather in the wmf-config, which is why I tagged it Wikimedia-Site-requests

> @Jdforrester-WMF I don't think any of these merit fixing in the extensions themselves, rather in the wmf-config, which is why I tagged it Wikimedia-Site-requests

I'm not sure, probably most of these extensions need fixing to add a header of "Host: "; otherwise, something like appservers-ro.discovery.wmnet would not work.

> @Jdforrester-WMF I don't think any of these merit fixing in the extensions themselves, rather in the wmf-config, which is why I tagged it Wikimedia-Site-requests

Either way, the responsible teams should know so that they don't "fix" it later.

TK-999 added a subscriber: TK-999. Jan 27 2020, 4:41 PM
WDoranWMF added a project: User-WDoran.