Page MenuHomePhabricator
Create Task
Maniphest T306275

Javascript on Special:RecentChanges performs GET requests which include a Content-Type request header
Closed, ResolvedPublicBUG REPORT
Actions

Description

List of steps to reproduce (step by step, including full links if applicable):

  • Visit Special:RecentChanges on your mediawiki
  • Wait at least 3 seconds

What happens?:
Every 3 seconds, a javascript kicks in and performs a GET request on the server via XMLHttpRequest
The GET request includes a Content-Type request header, set to "html"
There are 2 issues with this:

  • GET requests shouldn't have Content-Type headers (unlike POST, no data which could have a type is sent). This causes unnecessary alarms on mod_security.
  • and even if html data was submitted (unusual), it should be text/html rather than just html

What should have happened instead?:
The GET request should not include a Content-Type header.

Software version (if not a Wikimedia wiki), browser information, screenshots, other information, etc.:
Mediawiki: 1:1.35.4-1+deb11u2
Browser: Firefox 91.8.0esr (64-bit)

Details

SubjectRepoBranchLines +/-
Remove unnecessary Content-Type header for GET requestmediawiki/coremaster+1 -1
Customize query in gerrit

Event Timeline

AlainKnaffPhab created this task.Apr 15 2022, 7:11 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 15 2022, 7:11 PM
Dylsss claimed this task.Apr 15 2022, 8:52 PM
Dylsss added a project: MediaWiki-Recent-changes.
Restricted Application added a project: Growth-Team. · View Herald TranscriptApr 15 2022, 8:52 PM
gerritbot added a comment.Apr 15 2022, 8:56 PM

Change 782560 had a related patch set uploaded (by Dylsss; author: Dylsss):

[mediawiki/core@master] Remove unnecessary Content-Type header for GET request

https://gerrit.wikimedia.org/r/782560

gerritbot added a project: Patch-For-Review.Apr 15 2022, 8:56 PM
matmarex subscribed.Apr 19 2022, 10:48 PM
gerritbot added a comment.Apr 19 2022, 11:02 PM

Change 782560 merged by jenkins-bot:

[mediawiki/core@master] Remove unnecessary Content-Type header for GET request

https://gerrit.wikimedia.org/r/782560

Maintenance_bot removed a project: Patch-For-Review.Apr 19 2022, 11:30 PM
matmarex closed this task as Resolved.Apr 19 2022, 11:35 PM
ReleaseTaggerBot added a project: MW-1.39-notes (1.39.0-wmf.9; 2022-04-25).Apr 20 2022, 12:00 AM
Platonides awarded a token.Oct 26 2022, 12:54 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL