
[timebox 4h] [QueryService UI]Graceful fail on attempting to shorten too long an URL
Closed, Resolved | Public | BUG REPORT

Description

Steps to replicate the issue (include links if applicable):

  • Enter a long query
  • Press the "Short URL to this page" button

What happens?:

  • The pop-out contains a black square

image.png (130×384 px, 17 KB)

What should have happened instead?:

  • Any type of explanatory error message would help.

Software version (skip for WMF-hosted wikis like Wikipedia):
wikibase.cloud

Other information (browser name/version, screenshots, etc.):

  • I'm going off the assumption that it is the length of the URL which is causing the issues. Since wikibase.cloud uses a different URL shortener from Wikidata, the length probably needs to be made a config variable linked to whichever service is used.

Event Timeline

Tarrow renamed this task from [QueryService]Graceful fail on attempting to shorten too long an URL to [QueryService UI]Graceful fail on attempting to shorten too long an URL. Oct 6 2023, 8:35 AM

It seems this is indeed caused by the length of the payload, however blocking seems to be happening at Cloudflare level (which seems to be in front of TinyURL), which just returns 403 without further explanation.

Not sure how to debug _why_ Cloudflare doesn't like these longish URL params right now.

This issue doesn't seem to occur as regularly on Wikidata because they do not use tinyurl for shortening.

It seems like there is a possible fix in the UI to do something better than showing a black box; in addition to this it would be nice to fix the cause of this happening so regularly (perhaps by selecting and configuring a different URL shortener, T362888?)

Tarrow added a subscriber: Charlie_WMDE.

Moving to the product backlog; I believe this now requires some input from @Charlie_WMDE about what a more graceful failure method would look like

It's not a black box on Chrome but a slightly more graceful error image:

image.png (138×528 px, 22 KB)

Anton.Kokh triaged this task as Medium priority. Jun 11 2024, 3:27 PM
Tarrow renamed this task from [QueryService UI]Graceful fail on attempting to shorten too long an URL to [timebox 4h] [QueryService UI]Graceful fail on attempting to shorten too long an URL. Oct 24 2024, 12:37 PM
Andrew-WMDE updated Other Assignee, added: Andrew-WMDE.
Andrew-WMDE updated Other Assignee, removed: Andrew-WMDE.
Andrew-WMDE moved this task from To do to Doing on the Wikibase Cloud (Kanban Board Q4 2024) board.

This query doesn't fail because it's too long, but because Cloudflare likely thinks it contains a SQL injection. It works just fine if you remove concat from the query before trying to shorten the link.

Cloudflare's error message when manually calling TinyURL in a separate tab:

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

This patch (https://github.com/wbstack/queryservice-ui/pull/292) introduces the following:

  1. Switching from GET to POST to mitigate any future length issues
  2. Using Ajax instead of an <iframe> for improved error handling
  3. Base64 encoding the query before shortening to avoid getting falsely flagged
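
A sketch of the three changes listed above, as an added example that is not taken from the linked patch or from the project's code. The endpoint, the `url` form parameter, the placement of the query in the URL fragment and all function names are assumptions for illustration.

```javascript
// Added example; endpoint, parameter name and function names are hypothetical.
const SHORTENER_ENDPOINT = 'https://shortener.example/api/create'; // placeholder

// UTF-8 safe Base64url. Plain btoa() throws on characters outside Latin-1,
// which SPARQL queries with labels in other scripts routinely contain.
function encodeQuery(query) {
  let bin = '';
  for (const b of new TextEncoder().encode(query)) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Inverse of encodeQuery, used by the page that receives the shortened link.
function decodeQuery(encoded) {
  let b64 = encoded.replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4); // restore stripped padding
  const bin = atob(b64);
  return new TextDecoder().decode(Uint8Array.from(bin, (c) => c.charCodeAt(0)));
}

// POST with a form body, so the long URL is not carried in a GET query string.
function buildShortenRequest(pageUrl, query) {
  const longUrl = `${pageUrl}#${encodeQuery(query)}`;
  return {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({ url: longUrl }).toString(),
  };
}

// Map an HTTP status to a message the pop-out can show instead of an empty box.
function describeFailure(status) {
  if (status === 403) return 'The URL shortening service rejected this request.';
  if (status === 413 || status === 414) return 'This query is too long to shorten.';
  return `URL shortening failed (HTTP ${status}).`;
}

// Ajax call: unlike an <iframe>, the status and network errors are visible here.
async function shortenUrl(pageUrl, query, fetchImpl = fetch) {
  try {
    const res = await fetchImpl(SHORTENER_ENDPOINT, buildShortenRequest(pageUrl, query));
    if (!res.ok) return { ok: false, message: describeFailure(res.status) };
    return { ok: true, shortUrl: (await res.text()).trim() };
  } catch (err) {
    return { ok: false, message: 'Could not reach the URL shortening service.' };
  }
}
```

The page that loads the shortened link has to call `decodeQuery` on the fragment, and the decoded text is still untrusted input at that point.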

Looks great, we talked about @dang going ahead and shipping this today but we realised that we'd not really talked about that as a team (taking and shipping your patch). We agreed to wait until Monday but wanted to remember to have a chat about maybe changing our working mode to agree we'd pick up tickets like this and drive them forwards while people are away.

I wonder if we also want to upstream this change?