Page MenuHomePhabricator
Create Task
Maniphest T367290

Consider using preconnect for https://phab.wmfusercontent.org CDN
Open, Stalled, LowPublic
Actions

Description

Upstream: https://we.phorge.it/T15859

Check if we use dns-prefetch / preconnect for phab.wmfusercontent.org defined in https://phabricator.wikimedia.org/config/edit/security.alternate-file-domain/ : https://developer.mozilla.org/en-US/docs/Web/Performance/dns-prefetch
No grep results for both strings in upstream Phorge/Arcanist code.

cf old and potentially related or obsolete comment: T670#11554

Related Objects

Event Timeline

Aklapper triaged this task as Low priority.Jun 12 2024, 12:14 PM
Aklapper created this task.
Aklapper renamed this task from Check if we use dns-prefetch / preconnect for phab.wmfusercontent.org to Consider using preconnect for https://phab.wmfusercontent.org CDN.Jun 12 2024, 11:24 PM
Aklapper claimed this task.
Aklapper edited projects, added Phabricator (Upstream), Upstream; removed Phabricator.
Aklapper added a project: Traffic.

Would be trivial four lines in Phabricator code but would love to hear from Traffic folks if this makes sense in our setup? (Feel free to remove the tag again!)
security.alternate-file-domain is set to https://phab.wmfusercontent.org in our WMF setup.

diff --git a/src/aphront/response/AphrontResponse.php b/src/aphront/response/AphrontResponse.php
index 355177e316..82130dcc0e 100644
--- a/src/aphront/response/AphrontResponse.php
+++ b/src/aphront/response/AphrontResponse.php
@@ -110,6 +110,13 @@ abstract class AphrontResponse extends Phobject {
 
     $headers[] = array('Referrer-Policy', 'no-referrer');
 
+    $cdn = PhabricatorEnv::getEnvConfig('security.alternate-file-domain');
+    if ($cdn) {
+      $headers[] = array('Link', '<' . $cdn . '>; rel="preconnect"');
+    }
+
     foreach ($this->headers as $header) {
       $headers[] = $header;
     }

Test Plan:

  1. Set http://phorge.localhost/config/edit/security.alternate-file-domain/ via ./bin/config set "security.alternate-file-domain" "https://whatever.example.com/"
  2. Open the "Network" tab in your web browser's "Developer Tools" and go to http://phorge.localhost/
  3. Check under "Headers" that "Response Headers" includes the new header Link: <https://whatever.example.com/>; rel="preconnect".
Aklapper updated the task description. (Show Details)Jun 18 2024, 10:29 AM
Aklapper moved this task from Backlog to Upstreamed on the Phabricator (Upstream) board.Jun 18 2024, 10:32 AM
Aklapper changed the task status from Open to Stalled.Jun 18 2024, 10:36 AM
Aklapper moved this task from Backlog to Patch proposed upstream on the Upstream board.
Vgutierrez moved this task from Backlog to Radar/Not for service by Traffic on the Traffic board.Jun 18 2024, 10:45 AM
Vgutierrez subscribed.

we already leverage preconnect on some cases but not as an HTTP Header but using the HTML <link> tag:

$ curl -v -s https://en.wikipedia.org/wiki/Main_Page 2>&1 |grep -i preconnect
<link rel="preconnect" href="//upload.wikimedia.org">

From the top of my head I don't think the CDN would filter out a Link header set by a backend server though.

Vgutierrez added a comment.Jun 19 2024, 8:48 AM

@Aklapper we've briefly discussed this yesterday during the Traffic weekly meeting and you can proceed and enable preconnect

Aklapper added a comment.Jun 19 2024, 3:36 PM

Thanks a lot! I'm going to wait on upstream conversations in https://we.phorge.it/T15859 what's the most suited place in the code base.

Aklapper added a comment.Jul 3 2024, 10:49 AM

Thanks. Waiting on getting this merged into upstream first not to increase our downstream diff

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits