Page MenuHomePhabricator

Tgr (Gergő Tisza)
Software Engineer, WMF

Projects (41)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Wednesday

  • Clear sailing ahead.

User Details

User Since
Sep 19 2014, 4:55 PM (499 w, 2 d)
Availability
Available
IRC Nick
tgr
LDAP User
Gergő Tisza
MediaWiki User
Tgr (WMF) [ Global Accounts ]

Things my team is working on: MediaWiki-Platform-Team
Side projects I am working on (or planning to, eventually): User-Tgr
You can find more info about me on my user page.

Recent Activity

Yesterday

Tgr added a comment to T353589: Opt out of Chrome topic calculation on Wikimedia sites & Cloud Services.

This results in a slightly annoying (although probably harmless) Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'. console error, at least when using the Beta channel release of Chrome.
Not sure what's happening - there doesn't seem to be any ongoing origin trial for topics, it shows up (and is enabled) in my settings. But the chrome://flags/#privacy-sandbox-ads-apis feature flag seems to be disabled by default.

Sun, Apr 14, 6:15 PM · Patch-For-Review, User-Frostly, SRE, Traffic, Privacy Engineering, Privacy
Tgr added a comment to T362480: Introduces the notion of modules into the REST API framework.

"Modules" is a somewhat unfortunate name IMO, given that the action API calls single endpoints "modules".

Sun, Apr 14, 10:59 AM · Patch-For-Review, Documentation, MW-Interfaces-Team, MediaWiki-REST-API

Sat, Apr 13

Tgr added a comment to T316303: Check global rights during autocreation.

The problem is that User::isRegistered() tries to load the user, and User::isItemLoaded( 'name' ) is always true if we tried to load the user, even if it's an anonymous user.

Sat, Apr 13, 4:27 PM · Patch-For-Review, MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth, MediaWiki-Core-AuthManager

Fri, Apr 12

Tgr added a comment to T362331: SessionBackend: remove dependency on Kask/Cassandra.

The benefit of a proper migration is that the new store can shadow the old one for a while and we can test whether it works correctly, performance characteristics etc. without affecting user experience at all.

Fri, Apr 12, 1:12 PM · MediaWiki-Platform-Team
Tgr added a comment to T163492: With $wgReadOnly set and when $wgSessionCacheType = CACHE_DB, ApiQueryTokens will return invalid tokens.

Could be a setup issue if you have a multiwiki setup, where the DB where objectcache is stored is not the one that was set to readonly. Other than that, it would be pretty surprising if writes went through in readonly mode - it uses the same DB abstraction layer as everything else.

Fri, Apr 12, 1:10 PM · MediaWiki-Platform-Team, MediaWiki-libs-BagOStuff, MediaWiki-Core-AuthManager

Thu, Apr 11

Tgr added a comment to T362331: SessionBackend: remove dependency on Kask/Cassandra.

for the first week use MultiWriteBagOStuff and write session data both to Kask and Memcache

Thu, Apr 11, 8:19 PM · MediaWiki-Platform-Team
Tgr added a comment to T362331: SessionBackend: remove dependency on Kask/Cassandra.

will help to librarify BagOStuff

Thu, Apr 11, 8:13 PM · MediaWiki-Platform-Team
Tgr added a comment to T362335: Decide on MediaWiki session store at WMF (2024).

What would that mean on the MediaWiki level? Building a new cache service? None of the options under https://www.mediawiki.org/wiki/Object_cache#Services have cross-DC replication, right? (Other than the main stash, but that's SQL-based and too slow.)

Thu, Apr 11, 8:06 PM · MediaWiki-Platform-Team
Tgr added a parent task for T124371: Clean up usage of $_SESSION in WMF-deployed extensions: T362324: Disable PHPSessionHandler in Wikimedia production.
Thu, Apr 11, 12:24 PM · Sustainability (Incident Followup), Technical-Debt, WMF-General-or-Unknown, User-Tgr
Tgr added a subtask for T362324: Disable PHPSessionHandler in Wikimedia production: T124371: Clean up usage of $_SESSION in WMF-deployed extensions.
Thu, Apr 11, 12:24 PM · MediaWiki-Platform-Team, MediaWiki-Core-AuthManager
Tgr added a comment to T352913: session_write_close failure in PHPSessionHandlerTest under php8.3.

I meant session.save_path should never be touched since PHPSessionHandler doesn't use it. But probably this is just a poorly phrased PHP error message that and the actual error has nothing to do with that path.

Thu, Apr 11, 12:22 PM · MediaWiki-Platform-Team, PHP 8.3 support, MediaWiki-Core-AuthManager
Tgr created T362324: Disable PHPSessionHandler in Wikimedia production.
Thu, Apr 11, 12:17 PM · MediaWiki-Platform-Team, MediaWiki-Core-AuthManager

Mon, Apr 8

Tgr added a comment to T356004: Help password managers to detect TOTP login input.

IMO we should separate the TOTP and scratch token fields (or use the same field but use JS to switch validation rules).

Mon, Apr 8, 8:05 PM · MediaWiki-extensions-OATHAuth
Tgr updated the task description for T355377: Update MediaWiki Platform team owned products for IP masking.
Mon, Apr 8, 2:42 PM · MW-1.42-notes (1.42.0-wmf.22; 2024-03-12), Temporary accounts, MediaWiki-Platform-Team

Sun, Apr 7

Tgr added a project to T361510: Replace Redis in MediaWiki-Vagrant: User-Tgr.
Sun, Apr 7, 7:55 AM · User-Tgr, MediaWiki-Vagrant
Tgr created T362017: BetaFeatures does not update the usage counts for features used by zero people.
Sun, Apr 7, 7:49 AM · BetaFeatures

Sat, Apr 6

Tgr added a comment to T361407: Add short-to-type aliases for <syntaxhighlight> and <syntaxhighlight inline>.

<pre> is indeed processed in wikitext similar to many Markdown implementations, with "nowiki"-like treatment applied.

Another unofficial, but fairly common, feaure in Markdown implementation is support for <pre lang="js">. This works on GitHub, Gitiles, Doxygen, npmjs.org, and probably others. It'd be tricky to somehow work that into the SyntaxHighlight extension as it'd require replacing a core parser tag (or hooking into its callback), but not impossible.

Sat, Apr 6, 6:35 PM · Patch-For-Review, SyntaxHighlight
Tgr added a comment to T361407: Add short-to-type aliases for <syntaxhighlight> and <syntaxhighlight inline>.

Readability trumps writability, IMO. If you find it annoying to type <syntaxhighlight inline> or <code><nowiki> (me too), some ideas:

  • Better editor support (a keyboard shortcut, or opening up a syntaxhilight dialog when you type ```).
  • Introduce <syntax> or <highlight>, which isn't all that shorter, but easy to understand and doesn't conflict with HTML.
  • Introduce a pseudo-namespace, like <mw:code>.
  • Probably not feasible to do retroactively, but I wonder whether making <syntaxhighlight>text</syntaxhighlight> automatically inline iff text doesn't contain any newline would have made sense.
  • We could create a parser tag for <code> or <source>, but have it just output the HTML tag unless some distinctive property is used. lang is also a HTML property though, so not the best candidate for that. Maybe something like format or type?
  • Maybe the pre-save transform could convert <sh> and <shi> into <syntaxhighlight> / <syntaxhighlight inline>? That feels very hacky... also, not easy to do I think.
Sat, Apr 6, 6:27 PM · Patch-For-Review, SyntaxHighlight
Tgr reopened T360562: CSS sanitizer should support using CSS variables (not setting/creating them) for use in color values in TemplateStyles as "Open".

Not really done, it's only supported for color-related properties.

Sat, Apr 6, 4:13 PM · MW-1.42-notes (1.42.0-wmf.26; 2024-04-09), Patch-For-Review, FY2023-24-WE 2.1 Typography and palette customizations, TemplateStyles, css-sanitizer, Web-Team-Backlog (FY2023-24 Q3 Sprint 6)
Tgr reopened T360562: CSS sanitizer should support using CSS variables (not setting/creating them) for use in color values in TemplateStyles, a subtask of T320322: Support CSS variables in TemplateStyles, as Open.
Sat, Apr 6, 4:10 PM · Web-Team-Backlog, Design-System-Team, FY2023-24-WE 2.1 Typography and palette customizations, css-sanitizer, TemplateStyles
Tgr reopened T360562: CSS sanitizer should support using CSS variables (not setting/creating them) for use in color values in TemplateStyles, a subtask of T355244: Support Codex design tokens in TemplateStyles, as Open.
Sat, Apr 6, 4:10 PM · Design-System-Team, Codex, TemplateStyles
Tgr added a comment to T163492: With $wgReadOnly set and when $wgSessionCacheType = CACHE_DB, ApiQueryTokens will return invalid tokens.

At the very least, it will swallow the details of the error (there's the StorageAwareness::ERR_* constant but they are not very specific) so I don't think it's possible to return a readonly error code, short of adding some mechanism to BagOStuff to preserve the actual exception. We'd also have to propagate error details through CachedBagOStuff. And then SessionBackend::save() could log an error. Maybe eventually throw, although I don't know if session saves are guaranteed to happen before the response is sent.

Sat, Apr 6, 9:50 AM · MediaWiki-Platform-Team, MediaWiki-libs-BagOStuff, MediaWiki-Core-AuthManager

Fri, Apr 5

Tgr closed T361861: Unblock stuck global rename of Rookiewompus715 as Resolved.

Done. Didn't see any clue in the logs for what might have gone wrong.

Fri, Apr 5, 7:14 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth, Wikimedia-Site-requests
Tgr edited projects for T309772: npm audit reports several security issues with Service runner, added: MediaWiki-Engineering; removed MediaWiki-Platform-Team.
Fri, Apr 5, 6:57 PM · MediaWiki-Engineering, CX-cxserver, Security, service-runner
Tgr added a comment to T345245: Mitigate phase-out of third-party cookies across MediaWiki in production.

With T345249: Mitigate phase-out of third-party cookies in CentralAuth deployed, third-party cookie blocking is now disabled in Chrome (and maybe other Chrome-like browsers but I found no information about that) until the end of the calendar year. If you want to investigate whether something will be affected by cookie blocking, set chrome://flags/#top-level-third-party-cookie-deprecation-trial to Disabled first.

Fri, Apr 5, 6:26 PM · Foundational Technology Requests

Tue, Apr 2

Tgr closed T357935: Show temp user status on Special:CentralAuth/<username>, a subtask of T326937: Prepare CentralAuth extension for IP Masking, as Resolved.
Tue, Apr 2, 2:28 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth, Anti-Harassment, Temporary accounts
Tgr closed T357935: Show temp user status on Special:CentralAuth/<username>, a subtask of T358030: denote whether temporary accounts is expired, as Resolved.
Tue, Apr 2, 2:28 PM · Temporary accounts
Tgr closed T357935: Show temp user status on Special:CentralAuth/<username> as Resolved.
Tue, Apr 2, 2:28 PM · MW-1.42-notes (1.42.0-wmf.24; 2024-03-26), MediaWiki-Platform-Team, Temporary accounts, MediaWiki-extensions-CentralAuth
Tgr added a comment to T361520: "The cypress npm package is installed, but the Cypress binary is missing" error prevents merging changes.

Quibble sets XDG_CACHE_HOME=/cache. I guess that directory then gets cleared between running npm and running the tests?

Tue, Apr 2, 1:52 PM · MW-1.42-notes (1.42.0-wmf.26; 2024-04-09), Patch-For-Review, ContentTranslation, Cite, DiscussionTools, MobileFrontend, ci-test-error (WMF-deployed Build Failure)
Tgr closed T327017: Make common methods more convenient to access in PsySH as Resolved.

This was done (to some extent) in rMWe2bad0508926: debug: Add `MW` class as helper for eval.php and shell.php.

Tue, Apr 2, 1:10 PM · Patch-For-Review, MediaWiki-Maintenance-system, User-Tgr, Developer Productivity, MediaWiki-General
Tgr added a comment to T163492: With $wgReadOnly set and when $wgSessionCacheType = CACHE_DB, ApiQueryTokens will return invalid tokens.

I guess the issue here is BagOStuff having cache semantics (where write failures get silently ignored under the assumption that they will, at worst, cause some performance degradation - see SqlBagOStuff::handleDBError()) but being used for some things with not-quite-cache-semantics such as session data.

Tue, Apr 2, 10:31 AM · MediaWiki-Platform-Team, MediaWiki-libs-BagOStuff, MediaWiki-Core-AuthManager
Tgr added a subtask for T348206: Improve logging, monitoring and test coverage for MediaWiki Platform team authentication extensions: T125599: Create some end-to-end tests for SessionManager.
Tue, Apr 2, 10:19 AM · Test-Coverage, MediaWiki-Platform-Team, Epic, MediaWiki-extensions-CentralAuth, MediaWiki-Core-AuthManager
Tgr added a parent task for T125599: Create some end-to-end tests for SessionManager: T348206: Improve logging, monitoring and test coverage for MediaWiki Platform team authentication extensions.
Tue, Apr 2, 10:19 AM · Browser-Tests, MediaWiki-Core-AuthManager

Mon, Apr 1

Tgr closed T359957: Enroll in Chrome third-party cookies deprecation trial, a subtask of T345249: Mitigate phase-out of third-party cookies in CentralAuth, as Resolved.
Mon, Apr 1, 6:55 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr closed T359957: Enroll in Chrome third-party cookies deprecation trial as Resolved.
Mon, Apr 1, 6:54 PM · Patch-For-Review, WMF-General-or-Unknown, MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team
Tgr added a comment to T45646: "MediaWiki:Copyright" message allows raw HTML.

¹ Which guidelines, actually? Perhaps these? I was a bit surprised that they mention only <a> and not <link>. Maybe we don't need <link rel="license"> either?

Mon, Apr 1, 6:54 PM · I18n, Security, MW-1.32-notes (WMF-deploy-2018-08-28 (1.32.0-wmf.19)), Vuln-XSS, MediaWiki-General
Tgr updated the task description for T265362: OAuth extension - update\add logic of userCanSeeSecret() method of Backend\ConsumerAcceptance class..
Mon, Apr 1, 6:33 PM · serviceops, Platform Team Initiatives (API Gateway), MediaWiki-extensions-OAuth, Platform Team Workboards (S&F Workboard)
Tgr updated the task description for T265362: OAuth extension - update\add logic of userCanSeeSecret() method of Backend\ConsumerAcceptance class..
Mon, Apr 1, 6:33 PM · serviceops, Platform Team Initiatives (API Gateway), MediaWiki-extensions-OAuth, Platform Team Workboards (S&F Workboard)
Tgr added a subtask for T360596: Figure out a plan to move forward with regarding Redis License changes: T361510: Replace Redis in MediaWiki-Vagrant.
Mon, Apr 1, 6:30 PM · Patch-For-Review, User-aborrero, serviceops, MediaWiki-Platform-Team (Radar), collaboration-services, Release-Engineering-Team (Radar), Quarry, Toolforge, Software-Licensing, Infrastructure-Foundations, netbox, Platform Team Initiatives (API Gateway), GitLab, ChangeProp, MediaWiki-File-management, SRE
Tgr added a parent task for T361510: Replace Redis in MediaWiki-Vagrant: T360596: Figure out a plan to move forward with regarding Redis License changes.
Mon, Apr 1, 6:30 PM · User-Tgr, MediaWiki-Vagrant
Tgr created T361510: Replace Redis in MediaWiki-Vagrant.
Mon, Apr 1, 6:30 PM · User-Tgr, MediaWiki-Vagrant
Tgr updated the task description for T360596: Figure out a plan to move forward with regarding Redis License changes.
Mon, Apr 1, 6:14 PM · Patch-For-Review, User-aborrero, serviceops, MediaWiki-Platform-Team (Radar), collaboration-services, Release-Engineering-Team (Radar), Quarry, Toolforge, Software-Licensing, Infrastructure-Foundations, netbox, Platform Team Initiatives (API Gateway), GitLab, ChangeProp, MediaWiki-File-management, SRE
Tgr added a project to T261462: [API Gateway] Migrate away from wikimedia/oauth2-server fork to upstream: MediaWiki-extensions-OAuth.
Mon, Apr 1, 6:02 PM · MediaWiki-Platform-Team, MediaWiki-extensions-OAuth, serviceops, Technical-Debt, Platform Team Workboards (Green), Platform Team Initiatives (API Gateway), Upstream
Tgr added a comment to T359957: Enroll in Chrome third-party cookies deprecation trial.

FWIW, this is how the new Chrome UI looks:

Screenshot from 2024-04-01 19-36-19.png (652×683 px, 70 KB)
Screenshot from 2024-04-01 19-37-37.png (827×729 px, 94 KB)
Screenshot from 2024-04-01 19-09-38.png (636×691 px, 70 KB)
Screenshot from 2024-04-01 19-39-04.png (756×751 px, 88 KB)
Screenshot from 2024-04-01 19-40-03.png (1×1 px, 268 KB)
tracking dialog, default statetracking dialog after clicking the toggleincognito tracking dialog, default stateincognito tracking dialog after clicking the toggleTracking Protection subpage in settings
Mon, Apr 1, 5:45 PM · Patch-For-Review, WMF-General-or-Unknown, MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team
Tgr added a comment to T359957: Enroll in Chrome third-party cookies deprecation trial.

I have set

  • chrome://flags/#tracking-protection-3pcd -> enabled
  • chrome://flags/#tpcd-heuristics-grants -> disabled
  • chrome://flags/#tpcd-metadata-grants -> disabled
  • chrome://flags/#top-level-third-party-cookie-deprecation-trial -> enabled / disabled
Mon, Apr 1, 5:08 PM · Patch-For-Review, WMF-General-or-Unknown, MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team

Sun, Mar 31

Tgr moved T337161: Make PHPUnit dataProvider static in OAuth tests from Inbox, needs triage to Current Sprint on the MediaWiki-Platform-Team board.
Sun, Mar 31, 9:53 PM · MW-1.42-notes (1.42.0-wmf.26; 2024-04-09), MediaWiki-Platform-Team, Patch-For-Review, MediaWiki-extensions-OAuth
Tgr added a comment to T355957: Switching to mobile view on wikis without a mobile domain no longer works.

I think it was caused by rEMFRf202ed928d02: No need to set target anymore removing a MobileContext call whose side effect the rest of MobileContext depended on. I made a minimal fix but preferably the code flow of that class should be improved - if a class uses a state flag then either it should have a mechanism that always sets the flag on demand, or throw when the flag is unexpectedly unset.

Sun, Mar 31, 5:13 PM · MW-1.42-notes (1.42.0-wmf.26; 2024-04-09), Patch-For-Review, MW-1.42-release, Web-Team-Backlog (Needs Prioritization (Tech)), Reading-Web-Third-Party-Support, MobileFrontend

Fri, Mar 29

Tgr added a comment to T345249: Mitigate phase-out of third-party cookies in CentralAuth.

With third-party cookie blocking enabled, after a central login, Chrome's Issues tab says this:

Chrome may soon delete state for intermediate websites in a recent navigation chain
In a recent navigation chain, one or more websites accessed some form of local storage without prior user interaction. If these websites don't get such an interaction soon, Chrome will delete their state.
1 potentially tracking website: wikimedia.org
Learn more: Bounce tracking mitigations

which suggests central login and top-level autologin wouldn't survive the rollout of cookie blocking, either. I haven't reviewed the linked spec in full, but I think the relevant part is #bounce-tracking-mitigations-timers which basically says if a domain has not received user interaction in the last 45 days and it does not receive user interaction within 1 hour of the bounce tracking (ie. doing the central login redirect chain), all cookies, cache and other stored data for login.wikimedia.org will get scrubbed. This is much more aggressive than e.g. the bounce tracking mitigations used by Firefox and would render central login (in its current form) entirely useless.

Fri, Mar 29, 10:34 AM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth

Thu, Mar 28

Tgr added a subtask for T345249: Mitigate phase-out of third-party cookies in CentralAuth: T359957: Enroll in Chrome third-party cookies deprecation trial.
Thu, Mar 28, 9:15 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a parent task for T359957: Enroll in Chrome third-party cookies deprecation trial: T345249: Mitigate phase-out of third-party cookies in CentralAuth.
Thu, Mar 28, 9:15 PM · Patch-For-Review, WMF-General-or-Unknown, MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team
Tgr added a comment to T361244: Wikimedia\Assert\PreconditionException: Precondition failed: This Title instance does not represent a proper page, but merely a link target..

It's been still happening after the train rollback, but just barely. Job queue delay I guess?

Thu, Mar 28, 9:10 PM · MediaWiki-Page-derived-data, Unstewarded-production-error, MediaWiki-extensions-Disambiguator, Wikimedia-production-error
Tgr closed T361177: APCU cache mixup across wikis (Incorrect namespace displayed as title on a zh.wikivoyage page) as Resolved.

Seems fixed.

Thu, Mar 28, 9:07 PM · MW-1.42-notes (1.42.0-wmf.25; 2024-04-02), Patch-For-Review, MediaWiki-Platform-Team, MediaWiki-libs-BagOStuff, Regression, Chinese-Sites
Tgr closed T361177: APCU cache mixup across wikis (Incorrect namespace displayed as title on a zh.wikivoyage page), a subtask of T360156: 1.42.0-wmf.24 deployment blockers, as Resolved.
Thu, Mar 28, 9:04 PM · Patch-For-Review, Release-Engineering-Team (Priority Backlog 📥), Release, Train Deployments
Tgr updated the task description for T361177: APCU cache mixup across wikis (Incorrect namespace displayed as title on a zh.wikivoyage page).
Thu, Mar 28, 7:12 PM · MW-1.42-notes (1.42.0-wmf.25; 2024-04-02), Patch-For-Review, MediaWiki-Platform-Team, MediaWiki-libs-BagOStuff, Regression, Chinese-Sites
Tgr updated the task description for T359957: Enroll in Chrome third-party cookies deprecation trial.
Thu, Mar 28, 6:26 PM · Patch-For-Review, WMF-General-or-Unknown, MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team
Tgr added a comment to T355376: Replace $wgSharedDb with virtual domains.

Apparently SpamRegex and MultiMail also make use of shared tables.

Thu, Mar 28, 5:46 PM · MW-Interfaces-Team, Technical-Debt, MediaWiki-libs-Rdbms, MediaWiki-Core-AuthManager
Tgr added a comment to T359775: LoadBalancer::resolveDomainId should support virtual domains.

From an end user POV the LB/LBF differentation is pretty much never useful, if you need an LB you'll just do $lbf->getMainLB( $domain ). But the LB/LBF interfaces have all kinds of things that are not present on ICP but sometimes needed. Those could be moved to ICP but there is also benefit in keeping ICP simple and limited to functionality that's often used.

Thu, Mar 28, 5:26 PM · Data-Persistence, MediaWiki-libs-Rdbms

Wed, Mar 27

Tgr added a comment to T345245: Mitigate phase-out of third-party cookies across MediaWiki in production.

Google apparently built a DevTools plugin (the Privacy Sandbox Analysis Tool) for detecting issues caused by cookie blocking, so that might be a good way of looking for potential breakage.

Wed, Mar 27, 11:46 PM · Foundational Technology Requests
Tgr added a comment to T359957: Enroll in Chrome third-party cookies deprecation trial.

The more public-facing Google posts are a bit confusing about whether there are usage limits for the trial, but the origin trials developer guide is pretty clear that they don't apply to deprecation trials, so we won't have to worry about that.

Wed, Mar 27, 11:44 PM · Patch-For-Review, WMF-General-or-Unknown, MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team
Tgr updated the task description for T359957: Enroll in Chrome third-party cookies deprecation trial.
Wed, Mar 27, 11:22 PM · Patch-For-Review, WMF-General-or-Unknown, MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team
Tgr created T361153: "Search for pages containing" option does not search on exact match when using keyboard.
Wed, Mar 27, 8:03 PM · Accessibility, Web-Team-Backlog, MediaWiki-User-Interface (autocomplete search)
Tgr added a comment to T41662: Allow -webkit-filter CSS.

(FWIW css-sanititer does handle filter already.)

Wed, Mar 27, 2:06 PM · MediaWiki-Parser
Tgr merged T41662: Allow -webkit-filter CSS into T308160: Uncensor use of "filter" CSS property on wikitext pages.
Wed, Mar 27, 1:53 PM · Parsoid, User-notice-archive, MW-1.42-notes (1.42.0-wmf.19; 2024-02-20), Security, MediaWiki-General, CSS
Tgr removed a project from T41662: Allow -webkit-filter CSS: css-sanitizer.

I'll just untag and close as duplicate to reduce confusion. Please file a dedicated task for TemplateStyles / css-sanitizer if you think this functionality is needed there.

Wed, Mar 27, 1:53 PM · MediaWiki-Parser
Tgr merged task T41662: Allow -webkit-filter CSS into T308160: Uncensor use of "filter" CSS property on wikitext pages.
Wed, Mar 27, 1:52 PM · MediaWiki-Parser
Tgr added a comment to T41662: Allow -webkit-filter CSS.

T308160: Uncensor use of "filter" CSS property on wikitext pages is about the wikitext parser. This issue is tagged as TemplateStyles (now, at least; presumably the task author meant the task to be about the parser, since it predates the existence of TemplateStyes). In TemplateStyles, this isn't resolved.

Wed, Mar 27, 1:51 PM · MediaWiki-Parser
Tgr added a comment to T345566: error.log is not rotated in beta.

Seems properly rotated now:

tgr@deployment-mwlog02:~$ ls -l /srv/mw-log/archive/err*
-rw-r--r-- 1 udp2log udp2log 39300 Mar 12 15:45 /srv/mw-log/archive/error.log-20240313.gz
-rw-r--r-- 1 udp2log udp2log  2528 Mar 13 09:21 /srv/mw-log/archive/error.log-20240314.gz
-rw-r--r-- 1 udp2log udp2log   574 Mar 14 01:20 /srv/mw-log/archive/error.log-20240315.gz
-rw-r--r-- 1 udp2log udp2log  2277 Mar 15 22:45 /srv/mw-log/archive/error.log-20240316.gz
-rw-r--r-- 1 udp2log udp2log  1371 Mar 16 07:23 /srv/mw-log/archive/error.log-20240317.gz
-rw-r--r-- 1 udp2log udp2log  1518 Mar 17 15:32 /srv/mw-log/archive/error.log-20240318.gz
-rw-r--r-- 1 udp2log udp2log  2804 Mar 18 16:19 /srv/mw-log/archive/error.log-20240319.gz
-rw-r--r-- 1 udp2log udp2log  1205 Mar 19 18:56 /srv/mw-log/archive/error.log-20240320.gz
-rw-r--r-- 1 udp2log udp2log  1928 Mar 20 18:32 /srv/mw-log/archive/error.log-20240321.gz
-rw-r--r-- 1 udp2log udp2log  2150 Mar 21 21:53 /srv/mw-log/archive/error.log-20240322.gz
-rw-r--r-- 1 udp2log udp2log  1400 Mar 22 18:21 /srv/mw-log/archive/error.log-20240323.gz
-rw-r--r-- 1 udp2log udp2log  3176 Mar 23 16:15 /srv/mw-log/archive/error.log-20240324.gz
-rw-r--r-- 1 udp2log udp2log   575 Mar 24 01:20 /srv/mw-log/archive/error.log-20240325.gz
-rw-r--r-- 1 udp2log udp2log  1824 Mar 25 16:46 /srv/mw-log/archive/error.log-20240326.gz
-rw-r--r-- 1 udp2log udp2log 52860 Mar 26 21:46 /srv/mw-log/archive/error.log-20240327
Wed, Mar 27, 1:47 PM · Beta-Cluster-Infrastructure
Tgr added a comment to T359957: Enroll in Chrome third-party cookies deprecation trial.

The relevant information from the non-public tasks and admin UI:

  • "Trial Available: Up to Chrome 132 (ends with the rollout of next Chrome release), no later than Dec 28, 2024"
  • "If you’d like to submit additional third-party domains for review for this top level site, please email 3pcd-1p-deprecationtrial@google.com."
  • "For all other questions and issues, please visit our blog post. If further support is needed, please file an issue here"
Wed, Mar 27, 10:13 AM · Patch-For-Review, WMF-General-or-Unknown, MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team
Tgr updated the task description for T359957: Enroll in Chrome third-party cookies deprecation trial.
Wed, Mar 27, 10:10 AM · Patch-For-Review, WMF-General-or-Unknown, MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team

Tue, Mar 26

Tgr added a comment to T325229: add option to set cookies hostOnly property.

Host-only is not a flag, it's a cookie name prefix (MDN docs). It's not strictly impossible to control it via a $wg* flag that is separate from $wgCookiePrefix, but it could get confusing.

Tue, Mar 26, 11:34 PM · MediaWiki-General, Security
Dreamy_Jazz awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Like token.
Tue, Mar 26, 9:41 PM · MediaWiki-Gerrit-Group-Requests
Volker_E awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Like token.
Tue, Mar 26, 6:09 PM · MediaWiki-Gerrit-Group-Requests
Winston_Sung awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Love token.
Tue, Mar 26, 2:40 AM · MediaWiki-Gerrit-Group-Requests

Mon, Mar 25

Tgr added a comment to T360558: REST API tests in OAuth failing.

Caused by rMW1986f2bfb089: REST: Accept POST with empty body and no content-type.

Mon, Mar 25, 11:01 PM · MW-1.42-notes (1.42.0-wmf.26; 2024-04-09), MW-Interfaces-Team, MediaWiki-REST-API, ci-test-error, MediaWiki-extensions-OAuth
Tgr closed T360262: Error: Call to a member function getUserId() on bool as Invalid.

Happened one time in the last 90 days, probably a race condition. The offending code is

$oauthRequest = MWOAuthRequest::fromRequest( $request );
// verify_request throws an exception if anything isn't verified
[ $consumer, $token ] = $server->verify_request( $oauthRequest );
(...)
$access = ConsumerAcceptance::newFromToken( $dbr, $token->key );
$localUser = Utils::getLocalUserFromCentralId( $access->getUserId() );

which should never pass the first half if the consumer acceptance doesn't exist, because OAuthServer::verify_request() checks for it, but maybe the user revoked access from that OAuth app in the exact same moment or whatever. It should be fine to ignore, given how unlikely it is.

Mon, Mar 25, 10:54 PM · MediaWiki-extensions-OAuth, Wikimedia-production-error, MediaWiki-Platform-Team
Tgr added a comment to T359775: LoadBalancer::resolveDomainId should support virtual domains.

We encountered it while trying to use a virtual domain in a maintenance script (via Maintenance::getDB()). But there are plenty of other instances of code doing $services->getDBLoadBalancerFactory()->getMainLB( $domain )->doSomethingWith( $domain ) and usually that something involves resolveDomain (see the examples in the task description).

Mon, Mar 25, 10:46 PM · Data-Persistence, MediaWiki-libs-Rdbms
Tgr closed T360564: Improve the apihelp-setglobalaccountstatus-param-statecheck message: Remove angle brackets and clarify usage as Resolved.
Mon, Mar 25, 10:29 PM · MW-1.42-notes (1.42.0-wmf.24; 2024-03-26), MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth, Language-Team (Language-2024-January-March), Language-Technical Support (Language-Technical Support (Current) ), I18n, affects-translatewiki.net
Tgr closed T360564: Improve the apihelp-setglobalaccountstatus-param-statecheck message: Remove angle brackets and clarify usage, a subtask of T358384: Reduce the need to manually review markup in translatewiki exports, as Resolved.
Mon, Mar 25, 10:28 PM · Language-Team (Language-2024-April-June), MW-1.42-notes (1.42.0-wmf.24; 2024-03-26), Epic, Language-Technical Support (Language-Technical Support (Current) ), I18n, affects-translatewiki.net
Tgr added a comment to T360596: Figure out a plan to move forward with regarding Redis License changes.

In MediaWiki (as deployed at WMF), there exists 1 use of Redis, which is during file uploads via LockManager.

Mon, Mar 25, 8:33 PM · Patch-For-Review, User-aborrero, serviceops, MediaWiki-Platform-Team (Radar), collaboration-services, Release-Engineering-Team (Radar), Quarry, Toolforge, Software-Licensing, Infrastructure-Foundations, netbox, Platform Team Initiatives (API Gateway), GitLab, ChangeProp, MediaWiki-File-management, SRE

Fri, Mar 22

Dringsim awarded T187749: Make it possible to use code from an external repository for editor-controlled Javascript/CSS a Love token.
Fri, Mar 22, 3:33 PM · Patch-Needs-Improvement, Security, Security-Team, Wikimedia-Hackathon-2019, Wikimedia-Hackathon-2018, MediaWiki-extension-requests, User-Tgr, JavaScript, MediaWiki-extensions-Gadgets

Thu, Mar 21

Tgr created T360719: Add explicit "invalid" user token state for CentralAuthUser.
Thu, Mar 21, 9:21 PM · MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth
Tgr added a subtask for T345245: Mitigate phase-out of third-party cookies across MediaWiki in production: T360670: Mitigate phase-out of third-party cookies in OAuth.
Thu, Mar 21, 5:21 PM · Foundational Technology Requests
Tgr added a parent task for T360670: Mitigate phase-out of third-party cookies in OAuth: T345245: Mitigate phase-out of third-party cookies across MediaWiki in production.
Thu, Mar 21, 5:21 PM · MediaWiki-Platform-Team, MediaWiki-extensions-OAuth
Tgr created T360670: Mitigate phase-out of third-party cookies in OAuth.
Thu, Mar 21, 5:20 PM · MediaWiki-Platform-Team, MediaWiki-extensions-OAuth
jsn.sherman awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Like token.
Thu, Mar 21, 3:12 PM · MediaWiki-Gerrit-Group-Requests

Wed, Mar 20

Zabe awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Like token.
Wed, Mar 20, 6:32 PM · MediaWiki-Gerrit-Group-Requests
Tgr added a project to T360533: Lift IP cap on 2024-04-06 for Editathon for eswiki and commonswiki: Wikimedia-Site-requests.
Wed, Mar 20, 3:06 PM · User-Kizule, Patch-For-Review, Wikimedia-Site-requests, Spanish-Sites

Tue, Mar 19

MusikAnimal awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Like token.
Tue, Mar 19, 9:59 PM · MediaWiki-Gerrit-Group-Requests
TheDJ awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Like token.
Tue, Mar 19, 9:35 PM · MediaWiki-Gerrit-Group-Requests
Ammarpad awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Like token.
Tue, Mar 19, 8:30 PM · MediaWiki-Gerrit-Group-Requests
DannyS712 awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Like token.
Tue, Mar 19, 6:37 PM · MediaWiki-Gerrit-Group-Requests
Soda awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Like token.
Tue, Mar 19, 5:08 PM · MediaWiki-Gerrit-Group-Requests
Novem_Linguae awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Like token.
Tue, Mar 19, 4:53 PM · MediaWiki-Gerrit-Group-Requests
Jdforrester-WMF awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Like token.
Tue, Mar 19, 4:42 PM · MediaWiki-Gerrit-Group-Requests
Bawolff awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Like token.
Tue, Mar 19, 4:34 PM · MediaWiki-Gerrit-Group-Requests
WMDE-leszek awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Like token.
Tue, Mar 19, 4:29 PM · MediaWiki-Gerrit-Group-Requests
sbassett awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Like token.
Tue, Mar 19, 4:16 PM · MediaWiki-Gerrit-Group-Requests
Aklapper awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Like token.
Tue, Mar 19, 3:36 PM · MediaWiki-Gerrit-Group-Requests
taavi awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Like token.
Tue, Mar 19, 3:26 PM · MediaWiki-Gerrit-Group-Requests
Ladsgroup awarded T360442: +2 in mediawiki/ for Siddharth (SD0001) a Like token.
Tue, Mar 19, 3:26 PM · MediaWiki-Gerrit-Group-Requests