https://wikiworkshop.org is hosted in WMF production but has a Facebook button, an external statcounter and redirects from https to http in some cases.
Related Objects
Mentioned In:
- rRWWS4bb3d14aa83b: 2020: upgrade bootstrap
- rRWWS2cfba8a48f15: 2019: Upgrade bootstrap
- rRWWSfc4dd637c9be: 2017: Upgrade bootstrap
- rRWWS1f90253f9cc2: 2016: Upgrade bootstrap
- rRWWSb2f0700f7de6: 2015: remove YUI js and (most of) CSS
- rRWWS7f193567f684: Copy external assets to the repo
- rRWWSda2abb4cbd15: remove more stat counters
- rRWWS8f54476435cf: remove statcounter
- rRWWS5a47edab2152: remove Facebook button
Event Timeline
Change 593752 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[research/wikiworkshop@master] remove Facebook button
Change 593753 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[research/wikiworkshop@master] remove statcounter
Change 593751 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[research/wikiworkshop@master] replace a http:// with a https:// link to the 2015 workshop
Change 593751 merged by Bmansurov:
[research/wikiworkshop@master] replace a http:// with a https:// link to the 2015 workshop
@leila heads up that one of the patches is removing the Facebook button. Another is removing statcounter. We probably want to use https://wikitech.wikimedia.org/wiki/Tool:Event_Metrics instead. What do you think?
@bmansurov thanks for the heads up. Those removals are fine. (And btw, I expect James Fishback to provide more update requests in the coming weeks per an internal thread to clean up such aspects of the site.)
Re Event Metrics: sounds good to me if it's relatively straightforward for you to set up.
Thanks @leila! I would be happy to merge my patches but I don't have +2 on that repo. There is no deployment needed since puppet will git pull automatically.
Change 593752 merged by Bmansurov:
[research/wikiworkshop@master] remove Facebook button
Change 596194 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[research/wikiworkshop@master] remove more Facebook buttons in previous years
Change 596196 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[research/wikiworkshop@master] remove tweet buttons
Change 596198 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[research/wikiworkshop@master] remove more stat counters
Change 596194 merged by Bmansurov:
[research/wikiworkshop@master] remove more Facebook buttons in previous years
Change 596196 merged by Bmansurov:
[research/wikiworkshop@master] remove Twitter script/buttons
Change 596198 merged by Bmansurov:
[research/wikiworkshop@master] remove more stat counters
The last things I see are:
- Remove as much of the YUI and Bootstrap CSS and JS as possible. We don't want to leave vulnerable libraries out there needlessly.
- Update what remains of those libraries to newest stable versions.
- There are several assets being hosted at stanford.edu that should either be removed if not needed, or moved into the repo so we host them
I pinged @leila about whether she wanted me to do that or she had someone else, but I haven't heard back (I think because of no-email Friday).
@bmansurov please check JFishback_WMF's comment above and make the changes requested.
Change 598266 had a related patch set uploaded (by Bmansurov; owner: Bmansurov):
[research/wikiworkshop@master] Copy external assets to the repo
Change 598266 merged by Bmansurov:
[research/wikiworkshop@master] Copy external assets to the repo
Change 598267 had a related patch set uploaded (by Bmansurov; owner: Bmansurov):
[research/wikiworkshop@master] 2015: remove YUI js and (most of) CSS
Change 598267 merged by Bmansurov:
[research/wikiworkshop@master] 2015: remove YUI js and (most of) CSS
Change 598268 had a related patch set uploaded (by Bmansurov; owner: Bmansurov):
[research/wikiworkshop@master] WIP: Upgrade bootstrap
Just a little status update: I've removed YUI and am working on upgrading bootstrap. Since a lot changed between versions 2 and 4, it'll take some time to fully upgrade years 2016 through 2020. I'll let you know when I'm done.
Change 598268 merged by Bmansurov:
[research/wikiworkshop@master] 2016: Upgrade bootstrap
Change 598895 had a related patch set uploaded (by Bmansurov; owner: Bmansurov):
[research/wikiworkshop@master] 2017: Upgrade bootstrap
Change 598895 merged by Bmansurov:
[research/wikiworkshop@master] 2017: Upgrade bootstrap
Change 598896 had a related patch set uploaded (by Bmansurov; owner: Bmansurov):
[research/wikiworkshop@master] 2018: upgrade bootstrap
Change 598896 merged by Bmansurov:
[research/wikiworkshop@master] 2018: upgrade bootstrap
Change 598900 had a related patch set uploaded (by Bmansurov; owner: Bmansurov):
[research/wikiworkshop@master] 2019: Upgrade bootstrap
Change 598900 merged by Bmansurov:
[research/wikiworkshop@master] 2019: Upgrade bootstrap
Change 599143 had a related patch set uploaded (by Bmansurov; owner: Bmansurov):
[research/wikiworkshop@master] 2020: upgrade bootstrap
Change 599143 merged by Bmansurov:
[research/wikiworkshop@master] 2020: upgrade bootstrap
Minor issue (so to some extent, still a HTTPS to HTTP redirect): going to https://wikiworkshop.org/2019 (and other older sites, rather than one with a trailing /) results in a 301 against a HTTP resource before being kicked back to HTTPS
404s from favicon.ico but that obviously doesn't matter
Other than that, LGTM
```
curl -I -L https://wikiworkshop.org/2019
HTTP/2 301
date: Thu, 18 Jun 2020 15:17:14 GMT
server: Apache
location: http://wikiworkshop.org/2019/
content-length: 303
content-type: text/html; charset=iso-8859-1
vary: X-Forwarded-Proto
age: 332
x-cache: cp3064 miss, cp3062 hit/2
x-cache-status: hit-front
server-timing: cache;desc="hit-front"

HTTP/1.1 301 TLS Redirect
Date: Thu, 18 Jun 2020 15:22:46 GMT
Server: Varnish
X-Varnish: 816772390
X-Cache: cp3050 int
X-Cache-Status: int-front
Server-Timing: cache;desc="int-front"
Location: https://wikiworkshop.org/2019/
Content-Length: 0
Connection: keep-alive

HTTP/2 200
date: Thu, 18 Jun 2020 15:17:14 GMT
server: Apache
last-modified: Thu, 28 May 2020 00:11:13 GMT
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate
content-type: text/html
etag: W/"9740-5a6aa2a9d38b2"
age: 331
x-cache: cp3058 miss, cp3062 hit/2
x-cache-status: hit-front
server-timing: cache;desc="hit-front"
accept-ranges: bytes
```
assert_headers: Location: http://wikiworkshop.org/2020/
That's obviously wrong, even if the test is just confirming what happens now..
@Vgutierrez This site was set up by Brandon. Could you maybe ask him about that last question?
I think this was just an oversight! Patch incoming for that part.
On the other redirects - the ones that read as 301 TLS Redirect that go in the http->https direction are from our generic Varnish coverage, while the downgrade ones are coming from something down in the applayer side.
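A check for the redirect pattern discussed above, as an added example that is not part of the original task or of the WMF test tooling: it walks a `curl -I -L` header dump and labels each hop as a downgrade or an upgrade, together with the server that issued it. The function names are hypothetical, and the transcript is the output quoted in this task with cache and timing headers trimmed.

```python
import re
from urllib.parse import urljoin, urlsplit

# Trimmed from the `curl -I -L https://wikiworkshop.org/2019` output quoted
# in this task; cache and timing headers are omitted for brevity.
TRANSCRIPT = """\
HTTP/2 301
server: Apache
location: http://wikiworkshop.org/2019/

HTTP/1.1 301 TLS Redirect
Server: Varnish
Location: https://wikiworkshop.org/2019/

HTTP/2 200
server: Apache
content-type: text/html
"""

VERDICTS = {("https", "http"): "downgrade", ("http", "https"): "upgrade"}

def parse_hops(transcript):
    """Split a `curl -I -L` dump into one (status, headers) pair per response."""
    hops = []
    for block in re.split(r"\n\s*\n", transcript.strip()):
        lines = block.splitlines()
        status = int(lines[0].split()[1])  # "HTTP/2 301" -> 301
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        hops.append((status, headers))
    return hops

def audit_chain(start_url, transcript):
    """Return (from_url, to_url, server, verdict) for every redirect hop."""
    findings, current = [], start_url
    for status, headers in parse_hops(transcript):
        if status in (301, 302, 303, 307, 308) and "location" in headers:
            target = urljoin(current, headers["location"])
            schemes = (urlsplit(current).scheme, urlsplit(target).scheme)
            verdict = VERDICTS.get(schemes, "same-scheme")
            findings.append((current, target, headers.get("server", "?"), verdict))
            current = target
    return findings

if __name__ == "__main__":
    for hop in audit_chain("https://wikiworkshop.org/2019", TRANSCRIPT):
        print(hop)
```

Any hop labelled `downgrade` sends the client over plaintext before the edge redirects it back, which is the window the HSTS change below is meant to close for returning browsers.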
Change 723590 had a related patch set uploaded (by BBlack; author: BBlack):
[operations/puppet@production] Add wikiworkshop.org to HSTS regex
Change 723590 merged by BBlack:
[operations/puppet@production] Add wikiworkshop.org to HSTS regex
Change 747658 had a related patch set uploaded (by Dzahn; author: Dzahn):
[operations/puppet@production] httpbb: miscweb: fix tests for wikiworkshop.org, update 2021 to 2022
Change 747658 merged by Dzahn:
[operations/puppet@production] httpbb: miscweb: fix tests for wikiworkshop.org, update 2021 to 2022
Remaining items:
- Implement https://wikitech.wikimedia.org/wiki/Tool:Event_Metrics. I looked more into it. Unfortunately, it does not fit our use case as it's tied to specific Wikimedia projects (Wikipedia, Wiktionary, and Wikivoyage). Before looking more into it, I was under the false impression that we could use it as a pageview counter.
- Resolve the https -> http redirect issue (who should look into it?) mentioned in:
Change 789658 had a related patch set uploaded (by BBlack; author: BBlack):
[operations/puppet@production] Explicitly define wikiworkshop ServerName as HTTPS
I've uploaded a patch to the vhost's apache config that should probably fix that issue in the short term sense. Might need some review, as I wrote it blindly without testing anything and apache config minutiae is not my strong suit, and I think this service has migrated to something k8s-based, but which I suspect shares this same config...
It seems the majority of the issues described in the task have been resolved. Closing it for now. Feel free to re-open it.