Page MenuHomePhabricator
Create Task
Maniphest T347344

User-scripts running on Wikipedia can no longer use ORES (CORS issue)
Closed, ResolvedPublic
Actions

Description

It looks like user-scripts running on Wikipedia can no longer use ORES. I'm getting a CORS error. You can test this by trying to run the following the JS dev console on a Wikimedia page:

$.ajax({url: "https://ores.wikimedia.org/v3/scores/"}).done(function(response){console.log(response)})

This is what I see:

Access to XMLHttpRequest at 'https://ores.wikimedia.org/v3/scores/' from origin 'https://en.wikipedia.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
GET https://ores.wikimedia.org/v3/scores/ net::ERR_FAILED 307

Details

SubjectRepoBranchLines +/-
ml-services: enable base CORS headers policy for ores-legacyoperations/deployment-chartsmaster+1 -0
Upgrade mesh and ingress modules for python-webappoperations/deployment-chartsmaster+26 -7
role::cache::text: set pass for ores.wikimedia.orgoperations/puppetproduction+1 -1
ores-legacy: fix allowed cross originsmachinelearning/liftwing/inference-servicesmain+1 -1
ml-services: allows CORS in ores-legacyoperations/deployment-chartsmaster+1 -1
ores-legacy: fix CORS headers and avoid redirectsmachinelearning/liftwing/inference-servicesmain+76 -4
Customize query in gerrit

Related Objects

Event Timeline

Halfak created this task.Sep 25 2023, 7:27 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 25 2023, 7:27 PM
Halfak added a subscriber: Ciell.Sep 25 2023, 7:28 PM

@Ciell reported the issue this weekend. All of my investigations lead to this error.

Halfak added a comment.Sep 25 2023, 7:30 PM

I confirmed that the issue persists when calling ores-legacy. E.g.

$.ajax({url: "https://ores-legacy.wikimedia.org/v3/scores/"}).done(function(response){console.log(response)})

Aklapper mentioned this in T347243: ORES article quality is gone from euwiki in Mozilla Firefox 117.0.1.Sep 25 2023, 7:53 PM
Novem_Linguae subscribed.Sep 25 2023, 9:49 PM

I confirm this bug on enwiki in the user script https://en.wikipedia.org/wiki/User:Evad37/rater, which has 1200 installs. The CORS error is:

Access to XMLHttpRequest at 'https://ores.wikimedia.org/v3/scores/enwiki?models=articlequality&revids=1164786582' from origin 'https://en.wikipedia.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

See also: https://en.wikipedia.org/wiki/User_talk:Evad37/rater.js#Missing_ORES_predication

The red in the screenshot below is probably a side effect of this:

image.png (1×1 px, 127 KB)

Widefox subscribed.Sep 25 2023, 10:06 PM

I confirm the Rater user-script can no longer use ORES in for enwiki.

MPGuy2824 subscribed.Sep 26 2023, 5:19 AM
gerritbot added a comment.Sep 26 2023, 5:29 AM

Change 960763 had a related patch set uploaded (by Ilias Sarantopoulos; author: Ilias Sarantopoulos):

[machinelearning/liftwing/inference-services@main] ores-legacy: fix CORS headers

https://gerrit.wikimedia.org/r/960763

gerritbot added a project: Patch-For-Review.Sep 26 2023, 5:29 AM
gerritbot added a comment.Sep 26 2023, 6:51 AM

Change 960763 merged by jenkins-bot:

[machinelearning/liftwing/inference-services@main] ores-legacy: fix CORS headers and avoid redirects

https://gerrit.wikimedia.org/r/960763

isarantopoulos mentioned this in rMLIS01046c3abb6b: ores-legacy: fix CORS headers and avoid redirects.Sep 26 2023, 6:51 AM
gerritbot added a comment.Sep 26 2023, 6:53 AM

Change 960998 had a related patch set uploaded (by Ilias Sarantopoulos; author: Ilias Sarantopoulos):

[operations/deployment-charts@master] ml-services: allows CORS in ores-legacy

https://gerrit.wikimedia.org/r/960998

Aklapper merged a task: T347243: ORES article quality is gone from euwiki in Mozilla Firefox 117.0.1.Sep 26 2023, 6:54 AM
Aklapper added subscribers: Theklan, isarantopoulos.
gerritbot added a comment.Sep 26 2023, 6:55 AM

Change 960998 merged by jenkins-bot:

[operations/deployment-charts@master] ml-services: allows CORS in ores-legacy

https://gerrit.wikimedia.org/r/960998

Maintenance_bot removed a project: Patch-For-Review.Sep 26 2023, 7:10 AM
gerritbot added a comment.Sep 26 2023, 8:48 AM

Change 961044 had a related patch set uploaded (by Ilias Sarantopoulos; author: Ilias Sarantopoulos):

[machinelearning/liftwing/inference-services@main] ores-legacy: fix allowed cross origins

https://gerrit.wikimedia.org/r/961044

gerritbot added a project: Patch-For-Review.Sep 26 2023, 8:48 AM
gerritbot added a comment.Sep 26 2023, 9:13 AM

Change 961044 merged by jenkins-bot:

[machinelearning/liftwing/inference-services@main] ores-legacy: fix allowed cross origins

https://gerrit.wikimedia.org/r/961044

isarantopoulos mentioned this in rMLISe7497e55d8c4: ores-legacy: fix allowed cross origins.Sep 26 2023, 9:15 AM
Maintenance_bot removed a project: Patch-For-Review.Sep 26 2023, 9:31 AM
gerritbot added a comment.Sep 26 2023, 1:18 PM

Change 961106 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] role::cache::text: set pass for ores.wikimedia.org

https://gerrit.wikimedia.org/r/961106

gerritbot added a project: Patch-For-Review.Sep 26 2023, 1:18 PM
gerritbot added a comment.Sep 26 2023, 1:20 PM

Change 961106 merged by Elukey:

[operations/puppet@production] role::cache::text: set pass for ores.wikimedia.org

https://gerrit.wikimedia.org/r/961106

Maintenance_bot removed a project: Patch-For-Review.Sep 26 2023, 1:31 PM
TheresNoTime subscribed.Sep 26 2023, 1:51 PM
calbon assigned this task to elukey.Sep 26 2023, 2:42 PM
calbon moved this task from Unsorted to In Progress on the Machine-Learning-Team board.
elukey added a comment.Sep 26 2023, 3:58 PM

I applied the following config to both ml-serve-eqiad and codfw:

# kubectl edit vs -n ores-legacy
[..] 
 - corsPolicy:
      allowCredentials: false
      allowHeaders:
      - Api-User-Agent
      allowMethods:
      - POST
      - GET
      allowOrigins:
      - exact: '*'

This option is not allowed in the deployment-charts' ingress config, we'll need to add it to make it permanent, but the above should fix ores-legacy for the time being. We should also revert the code added to ores-legacy to support CORS, since we'll handle it directly via istio/envoy configs.

Nux subscribed.Sep 26 2023, 4:27 PM

Petscan also depends on this. Or to be more exact it assumes calback parameter is available to avoid CORS issues.

Petscan is dead because of this (white page).

This fails with a syntax error (returns JSON, should return a function):

	$.getJSON ( 'https://ores.wikimedia.org/v3/scores/?callback=?' , function ( d ) {
		console.log ( d );
	} , 'json' ) ;
Novem_Linguae added a comment.Sep 26 2023, 9:28 PM

I am no longer able to reproduce this. Thank you for the quick patches. Can probably mark this as resolved, but will let the machine learning team make the decision on that in case they want to track it on their kanban board.

Note that Petscan is still broken over in T347367: ORES possibly blocking PetScan from loading? / T347317: petscan expects javascript function callback from ORES due to a different issue.

Ciell added a comment.Sep 28 2023, 9:09 AM

I can confirm the scripts on Dutch Wikipedia are working again.
As far as I can see, same for en-wp.

isarantopoulos added a comment.Sep 28 2023, 9:21 AM

The issue has indeed been fixed. We will resolve this task as soon we apply the permanent fix descibed by @elukey above.

gerritbot added a comment.Sep 28 2023, 9:34 AM

Change 961730 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/deployment-charts@master] Upgrade mesh and ingress modules for python-webapp

https://gerrit.wikimedia.org/r/961730

gerritbot added a project: Patch-For-Review.Sep 28 2023, 9:34 AM

Change 961731 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/deployment-charts@master] ml-services: enable base CORS headers policy for ores-legacy

https://gerrit.wikimedia.org/r/961731

gerritbot added a comment.Sep 28 2023, 12:56 PM

Change 961730 merged by Elukey:

[operations/deployment-charts@master] Upgrade mesh and ingress modules for python-webapp

https://gerrit.wikimedia.org/r/961730

gerritbot added a comment.Sep 28 2023, 12:59 PM

Change 961731 merged by Elukey:

[operations/deployment-charts@master] ml-services: enable base CORS headers policy for ores-legacy

https://gerrit.wikimedia.org/r/961731

elukey closed this task as Resolved.Sep 28 2023, 1:06 PM

Applied the permanent fix, all use cases work afaics! Thanks for reporting :)

Maintenance_bot removed a project: Patch-For-Review.Sep 28 2023, 1:10 PM
isarantopoulos moved this task from In Progress to 2023-2024 Q3 Done on the Machine-Learning-Team board.Nov 2 2023, 10:48 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL