Page MenuHomePhabricator
Create Task
Maniphest T248278

Wikibase doesn't respect Kartographer's addExtraCSPSrc
Open, Needs TriagePublic
Actions

Description

In 889716e13798 Kartographer was changed to automatically add the map server to the CSP source list for pages that include a map on them. However this doesn't seem to work for Wikidata, due to Wikibase\Repo\ParserOutput\GlobeCoordinateKartographerDataUpdater::updateParserOutput not copying that data over.

This wouldn't affect anything in production (Because CSP is not in use yet, but also the plan is to whitelist all of *.wikimedia.org just generally). However, this is breaking things on beta wiki.

My suggested fix would be:

diff --git a/repo/includes/ParserOutput/GlobeCoordinateKartographerDataUpdater.php b/repo/includes/ParserOutput/GlobeCoordinateKartographerDataUpdater.php
index a6963cc409..6a79c92ba5 100644
--- a/repo/includes/ParserOutput/GlobeCoordinateKartographerDataUpdater.php
+++ b/repo/includes/ParserOutput/GlobeCoordinateKartographerDataUpdater.php
@@ -81,6 +81,11 @@ class GlobeCoordinateKartographerDataUpdater implements StatementDataUpdater {
                $parserOutput->addModules( $kartographerParserOutput->getModules() );
                $parserOutput->addModuleStyles( $kartographerParserOutput->getModuleStyles() );
 
+               $srcs = $kartographerParserOutput->getExtraCSPDefaultSrcs();
+               foreach( $srcs as $src ) {
+                       $parserOutput->addExtraCSPDefaultSrc( $src );
+               }
+
                $parserOutput->setExtensionData(
                        'kartographer',
                        $kartographerParserOutput->getExtensionData( 'kartographer' )

However, I'm not sure if that would work during preview. I also haven't tested this as of yet.

Alternatively, it may make sense to use ParserOutput::mergeInternalMetaDataFrom, so that this is less coupled to internal implementation details.

Acceptance Criteria: 🏕️🌟(October 2021):

  • all Wikibase pages that may contain a map add the map server to the CSP source list
    • this includes entity pages that don’t contain a map yet, but where users may add a coordinate statement – the editing UI shows a map preview

Related Objects

Event Timeline

Bawolff created this task.Mar 22 2020, 11:46 PM
Restricted Application added a project: Wikidata. · View Herald TranscriptMar 22 2020, 11:46 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Bawolff mentioned this in T244124: Make CSP enforce on beta cluster.Mar 22 2020, 11:47 PM
Reedy added a project: Wikidata-Campsite.Mar 23 2020, 1:17 AM
Addshore added a project: [DEPRECATED] wdwb-tech.Jul 16 2021, 8:08 AM
Addshore moved this task from Inbox to To Prioritize on the [DEPRECATED] wdwb-tech board.Jul 19 2021, 2:08 PM
Addshore moved this task from To Prioritize to Triaged Medium (50+) on the [DEPRECATED] wdwb-tech board.Aug 31 2021, 11:22 AM
Lucas_Werkmeister_WMDE moved this task from Incoming to Prioritized Wikidata Tech Backlog (prioritised from top to bottom) on the Wikidata-Campsite board.Sep 28 2021, 10:22 AM
Lucas_Werkmeister_WMDE added a project: MediaWiki-extensions-WikibaseClient.Oct 6 2021, 8:41 AM
Lucas_Werkmeister_WMDE updated the task description. (Show Details)
Lucas_Werkmeister_WMDE subscribed.Oct 6 2021, 8:44 AM

@Bawolff can you elaborate a bit on the issues on the Beta cluster? As far as I can tell, everything is working both on entity pages (WikibaseRepo, Q15905) and Wikitext pages that use coordinates from entities (WikibaseClient, Talk:Q15905).

Maybe this already got resolved in the meantime?

Addshore moved this task from Prioritized Wikidata Tech Backlog (prioritised from top to bottom) to Incoming on the Wikidata-Campsite board.Nov 4 2021, 10:25 AM
Manuel moved this task from Incoming to Miscellaneous on the Wikidata-Campsite board.Jul 12 2022, 12:06 PM
Manuel moved this task from Miscellaneous to Tech realm on the Wikidata-Campsite board.Aug 2 2022, 12:11 PM
Manuel removed a project: Wikidata-Campsite.Nov 8 2022, 10:58 AM
Michael moved this task from Backlog to Geo&Maps on the MediaWiki-extensions-WikibaseClient board.Mar 6 2024, 5:31 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits