Page MenuHomePhabricator

Javascript on Special:RecentChanges performs GET requests which include a Content-Type request header
Closed, ResolvedPublicBUG REPORT


List of steps to reproduce (step by step, including full links if applicable):

  • Visit Special:RecentChanges on your mediawiki
  • Wait at least 3 seconds

What happens?:
Every 3 seconds, a javascript kicks in and performs a GET request on the server via XMLHttpRequest
The GET request includes a Content-Type request header, set to "html"
There are 2 issues with this:

  • GET requests shouldn't have Content-Type headers (unlike POST, no data which could have a type is sent). This causes unnecessary alarms on mod_security.
  • and even if html data was submitted (unusual), it should be text/html rather than just html

What should have happened instead?:
The GET request should not include a Content-Type header.

Software version (if not a Wikimedia wiki), browser information, screenshots, other information, etc.:
Mediawiki: 1:1.35.4-1+deb11u2
Browser: Firefox 91.8.0esr (64-bit)

Event Timeline

Change 782560 had a related patch set uploaded (by Dylsss; author: Dylsss):

[mediawiki/core@master] Remove unnecessary Content-Type header for GET request

Change 782560 merged by jenkins-bot:

[mediawiki/core@master] Remove unnecessary Content-Type header for GET request