Ema has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/356583 )
Change subject: varnish: add explicit guards around upload-specific VCL ...................................................................... varnish: add explicit guards around upload-specific VCL The conditional around CORS and commons redirect code in cluster_fe_err_synth is not strictly necessary as we are only returning synth 666/667 in cluster_fe_recv for upload. However, it seems like a good idea, if anything to avoid confusion. In upload-backend instead, the X-MediaWiki-Original code is definitely upload-only. Note that we need to use bereq.http.Host there instead of req.http.Host given that req is not available in vcl_backend_response. Bug: T164608 Change-Id: I66db324fe507e98096b89e0731404fb5ca389436 --- M modules/varnish/templates/upload-backend.inc.vcl.erb M modules/varnish/templates/upload-frontend.inc.vcl.erb 2 files changed, 26 insertions(+), 24 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/83/356583/1 diff --git a/modules/varnish/templates/upload-backend.inc.vcl.erb b/modules/varnish/templates/upload-backend.inc.vcl.erb index fa0b8a8..d40235a 100644 --- a/modules/varnish/templates/upload-backend.inc.vcl.erb +++ b/modules/varnish/templates/upload-backend.inc.vcl.erb @@ -71,9 +71,11 @@ set beresp.http.X-Content-Range = beresp.http.Content-Range; } - // Derive the corresponding original URL and store it with the object - if (!beresp.http.X-MediaWiki-Original && bereq.url ~ "^/+[^/]+/[^/]+/thumb/[^/]+/[^/]+/[^/]+/[0-9]+px-") { - set beresp.http.X-MediaWiki-Original = regsub(bereq.url, "^(/+[^/]+/[^/]+/)thumb/([^/]+/[^/]+/[^/]+).*$", "\1\2"); + if (bereq.http.host == "<%= @vcl_config.fetch('upload_domain') %>") { + // Derive the corresponding original URL and store it with the object + if (!beresp.http.X-MediaWiki-Original && bereq.url ~ "^/+[^/]+/[^/]+/thumb/[^/]+/[^/]+/[^/]+/[0-9]+px-") { + set beresp.http.X-MediaWiki-Original = regsub(bereq.url, "^(/+[^/]+/[^/]+/)thumb/([^/]+/[^/]+/[^/]+).*$", "\1\2"); + } } call upload_common_backend_response; diff --git a/modules/varnish/templates/upload-frontend.inc.vcl.erb b/modules/varnish/templates/upload-frontend.inc.vcl.erb index d3b2e14..819e008 100644 --- a/modules/varnish/templates/upload-frontend.inc.vcl.erb +++ b/modules/varnish/templates/upload-frontend.inc.vcl.erb @@ -9,9 +9,7 @@ if (req.method == "OPTIONS" && req.http.Origin) { return (synth(667, "OK")); } - } - if (req.http.host == "<%= @vcl_config.fetch('upload_domain') %>") { // Homepage redirect to commons if (req.url == "/") { return (synth(666, "Moved Permanently")); @@ -147,27 +145,29 @@ } sub cluster_fe_err_synth { - // Handle CORS preflight requests - if (resp.status == 667) { - set resp.status = 200; - set resp.http.Connection = "keep-alive"; - set resp.http.Content-Length = "0"; + if (req.http.host == "<%= @vcl_config.fetch('upload_domain') %>") { + // Handle CORS preflight requests + if (resp.status == 667) { + set resp.status = 200; + set resp.http.Connection = "keep-alive"; + set resp.http.Content-Length = "0"; - // allow Range requests, used by ogv.js - set resp.http.Access-Control-Allow-Origin = "*"; - set resp.http.Access-Control-Allow-Headers = "Range"; - set resp.http.Access-Control-Allow-Methods = "GET, HEAD, OPTIONS"; - set resp.http.Access-Control-Max-Age = "86400"; + // allow Range requests, used by ogv.js + set resp.http.Access-Control-Allow-Origin = "*"; + set resp.http.Access-Control-Allow-Headers = "Range"; + set resp.http.Access-Control-Allow-Methods = "GET, HEAD, OPTIONS"; + set resp.http.Access-Control-Max-Age = "86400"; - return (deliver); - } + return (deliver); + } - // Homepage redirect to commons - if (resp.status == 666) { - set resp.status = 301; - set resp.http.Location = "https://commons.wikimedia.org/"; - set resp.http.Connection = "keep-alive"; - set resp.http.Content-Length = "0"; - return (deliver); + // Homepage redirect to commons + if (resp.status == 666) { + set resp.status = 301; + set resp.http.Location = "https://commons.wikimedia.org/"; + set resp.http.Connection = "keep-alive"; + set resp.http.Content-Length = "0"; + return (deliver); + } } } -- To view, visit https://gerrit.wikimedia.org/r/356583 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I66db324fe507e98096b89e0731404fb5ca389436 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Ema <e...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits