Page MenuHomePhabricator
Create Task
Maniphest T249843

Toolforge.org: k8s canonical temporal redirect uses HTTP 301
Closed, ResolvedPublic
Actions

Description

Some tests by @LucasWerkmeister using webservice 0.66 and the --canonical switch indicated that nginx-ingress is returning HTTP 301.

This has some consequences:

  • the tool developer cannot easily revert the redirect once it has been introduced. We should use HTTP 307 instead, so the --canonical switch can be reverted.
  • firefox translated POST request to GET. Not sure if this is related to the HTTP 301 or that we need some special case for requests other than GETs

Details

SubjectRepoBranchLines +/-
toolforge: legacy URLs: use HTTP 307/308 for the redirectsoperations/puppetproduction+2 -2
d/changelog: prepare for 0.67 releaseoperations/software/tools-webservicemaster+10 -3
kubernetes: ingress: use HTTP 307 for canonical redirectoperations/software/tools-webservicemaster+3 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

aborrero created this task.Apr 9 2020, 4:26 PM
gerritbot added a comment.Apr 9 2020, 4:27 PM

Change 587807 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/software/tools-webservice@master] kubernetes: ingress: use HTTP 307 for canonical redirect

https://gerrit.wikimedia.org/r/587807

gerritbot added a project: Patch-For-Review.Apr 9 2020, 4:27 PM
gerritbot added a comment.Apr 10 2020, 9:33 AM

Change 587807 merged by jenkins-bot:
[operations/software/tools-webservice@master] kubernetes: ingress: use HTTP 307 for canonical redirect

https://gerrit.wikimedia.org/r/587807

aborrero triaged this task as High priority.Apr 10 2020, 9:57 AM

Patch is merged, we need another release of the tools-webservice package before we announce the toolforge.org domain next monday.

Maintenance_bot removed a project: Patch-For-Review.Apr 10 2020, 10:10 AM
LucasWerkmeister added a comment.Apr 10 2020, 11:55 AM

firefox translated POST request to GET. Not sure if this is related to the HTTP 301 or that we need some special case for requests other than GETs

If I read this correctly, the right status code for “permanent redirect, don’t change the method” would be 308, so I guess that one should be used by the permanent/legacy redirector once that’s in place. (Though POSTs to the old URLs should probably be rare.)

gerritbot added a comment.Apr 10 2020, 4:20 PM

Change 588013 had a related patch set uploaded (by Bstorm; owner: Bstorm):
[operations/software/tools-webservice@master] d/changelog: prepare for 0.67 release

https://gerrit.wikimedia.org/r/588013

gerritbot added a project: Patch-For-Review.Apr 10 2020, 4:20 PM
gerritbot added a comment.Apr 10 2020, 6:49 PM

Change 588013 merged by jenkins-bot:
[operations/software/tools-webservice@master] d/changelog: prepare for 0.67 release

https://gerrit.wikimedia.org/r/588013

Maintenance_bot removed a project: Patch-For-Review.Apr 10 2020, 7:10 PM
Stashbot added a comment.Apr 10 2020, 7:32 PM

Mentioned in SAL (#wikimedia-cloud) [2020-04-10T19:32:33Z] <bstorm_> deployed webservice 0.67 T249843

Stashbot added a comment.Apr 10 2020, 7:36 PM

Mentioned in SAL (#wikimedia-cloud) [2020-04-10T19:36:56Z] <bstorm_> after testing deploying toollabs-webservice 0.67 to tools repos T249843

Bstorm added a comment.Apr 10 2020, 7:48 PM

Ok, the bastions now all have the new version of webservice.

Stashbot added a comment.Apr 10 2020, 9:33 PM

Mentioned in SAL (#wikimedia-cloud) [2020-04-10T21:33:48Z] <bd808> Rebuilding all Docker images for the Kubernetes cluster (T249843)

bd808 added a comment.Apr 10 2020, 10:29 PM

firefox translated POST request to GET. Not sure if this is related to the HTTP 301 or that we need some special case for requests other than GETs

We should use the 307 & 308 response codes instead of 301 & 302. 307 and 308 were added in the HTTP/1.1 spec to help resolve the ambiguity of what to do when a POST is redirected [ 0 ]. Other that that the only real possibility is forcing each tool that uses POST to operate properly at both URLs. We had this same "POST loophole" issue in WMF production when we forced TLS for all requests and http://tools.wmflabs.org has it still.

gerritbot added a comment.Apr 13 2020, 10:11 AM

Change 588380 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] toolforge: legacy URLs: use HTTP 307/308 for the redirects

https://gerrit.wikimedia.org/r/588380

gerritbot added a project: Patch-For-Review.Apr 13 2020, 10:11 AM
gerritbot added a comment.Apr 13 2020, 10:16 AM

Change 588380 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] toolforge: legacy URLs: use HTTP 307/308 for the redirects

https://gerrit.wikimedia.org/r/588380

Maintenance_bot removed a project: Patch-For-Review.Apr 13 2020, 11:10 AM
aborrero closed this task as Resolved.Apr 14 2020, 11:37 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits