[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

Lydia_Pintscher added a comment. \o/ TASK DETAIL https://phabricator.wikimedia.org/T107602 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Joe, Lydia_Pintscher Cc: jeremyb, Yurik, JohnLewis, hoo, GWicke, greg, Lydia_Pintscher, csteipp, jcrespo, Leg

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

Smalyshev added a comment. yay! antoine-approve TASK DETAIL https://phabricator.wikimedia.org/T107602 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Joe, Smalyshev Cc: jeremyb,

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

Joe added a comment. https://query.wikidata.org :) TASK DETAIL https://phabricator.wikimedia.org/T107602 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Joe Cc: jeremyb, Yurik, JohnLewis, hoo, GWicke, greg, Lydia_Pintscher, csteipp, jcrespo, Legokt

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

gerritbot added a comment. Change 229392 merged by Giuseppe Lavagetto: wikidata query: add misc-web configuration https://gerrit.wikimedia.org/r/229392 TASK DETAIL https://phabricator.wikimedia.org/T107602 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

gerritbot added a comment. Change 228411 merged by Dzahn: Add query.wikidata.org https://gerrit.wikimedia.org/r/228411 TASK DETAIL https://phabricator.wikimedia.org/T107602 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Joe, gerritbot Cc: JohnLewi

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

Smalyshev added a comment. @csteipp sure. but I have no idea who that would be. Could you create a task and assign it to appropriate person? TASK DETAIL https://phabricator.wikimedia.org/T107602 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Joe,

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

csteipp added a comment. @Smalyshev, before we deploy this, can we task someone with updating $wgCrossSiteAJAXdomains to remove it from CORS domains, and set cookies for only the specific wikidata subdomains from CentralAuth? TASK DETAIL https://phabricator.wikimedia.org/T107602 EMAIL PREFE

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

gerritbot added a comment. Change 229392 had a related patch set uploaded (by Giuseppe Lavagetto): wikidata query: add misc-web configuration https://gerrit.wikimedia.org/r/229392 TASK DETAIL https://phabricator.wikimedia.org/T107602 EMAIL PREFERENCES https://phabricator.wikimedia.org/sett

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

Joe added a comment. I've took a bit of an alternative approach: - deploy behind misc-web, as query.wikidata.org - as logstash does, do not use lvs but varnish directly here. TASK DETAIL https://phabricator.wikimedia.org/T107602 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

GWicke added a comment. @jeroendedauw: https://en.wikipedia.org/api/rest_v1/?doc TASK DETAIL https://phabricator.wikimedia.org/T107602 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Joe, GWicke Cc: JohnLewis, hoo, GWicke, greg, Lydia_Pintscher, cst

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

JeroenDeDauw added a comment. > including the REST API at /api/rest_v1/ What REST API are you talking about? TASK DETAIL https://phabricator.wikimedia.org/T107602 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Joe, JeroenDeDauw Cc: JohnLewis, hoo

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

JanZerebecki added a comment. I don't know of any deployed functionality that edits from www.wikidata.org to other Wikis. Maybe who knows what gadgets and user scripts do? TASK DETAIL https://phabricator.wikimedia.org/T107602 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/pan

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

Smalyshev added a comment. > But if our wikis accept CORS requests from the service's domain, then an xss > in this service can lead to significant issues on the wikis (steal user > tokens, Aren't our tokens HTTP only? If we allow content from *.wikidata.org to be injected to any wiki, then t

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

Smalyshev added a comment. > Will the query service return raw HTML or SVG content? Check out: https://wiki.blazegraph.com/wiki/index.php/REST_API#QUERY. The formats query accepts are XML and JSON. However, I don't think we do URL filtering now which means one could access not only the query

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

GWicke added a subscriber: GWicke. GWicke added a comment. Will the query service return raw HTML or SVG content? If it's only returning other content types like JSON, then CORS might not end up mattering too much. An alternative to a separate domain could be to use `https://wikidata.org/api/qu

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

csteipp added a comment. In https://phabricator.wikimedia.org/T107602#1507585, @JanZerebecki wrote: > The intent is for the service to allow CORS, but I'm not sure about the > implications. Anyway that that means it is not an argument for wikimedia.org > and against wikidata.org. So we are left

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

BBlack added a comment. In https://phabricator.wikimedia.org/T107602#1507676, @JanZerebecki wrote: > If we put it in misc then this would be the first that has another level > behind misc instead of one named server. I have no preference. You or whoever > wants to merge it chooses? Another le

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

JanZerebecki added a comment. In https://phabricator.wikimedia.org/T107602#1507297, @BBlack wrote: > The part about failover is orthogonal to the decision about misc-web. Our > standard model for a raw internal service will be to LVS it across redundant > backends as discussed in the other tic

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

JanZerebecki added a comment. The intent is for the service to allow CORS, but I'm not sure about the implications. Anyway that that means it is not an argument for wikimedia.org and against wikidata.org. So we are left with the cookies which we should isolate from the service, by either restri

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

Lydia_Pintscher added a subscriber: Lydia_Pintscher. Lydia_Pintscher added a comment. I'd very much prefer query.wikidata.org for the query service. wikidata-query.wikimedia.org is rather ugly and not memorable for outsiders. TASK DETAIL https://phabricator.wikimedia.org/T107602 EMAIL PREFER

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

csteipp added a subscriber: csteipp. csteipp added a comment. @Stas, is wikidata.org required for some reason? Or was that just ok with them? Running on wikimedia.org would have a number of benefits for security-- no cookies, and no CORS accepted from the service. TASK DETAIL https://phabric

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

Smalyshev added a comment. @csteipp Well, it's //Wikidata// Query Service which serves wikidata content... So having domain at wikimedia and not wikidata would not be ideal. But if it's easier, we could start with that and add wikidata one later. Also, doesn't wikimedia.org have cookies too?

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

Joe added a comment. Stripping cookies at the varnish layer is possible, not adviceable in general IMO. TASK DETAIL https://phabricator.wikimedia.org/T107602 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Joe Cc: Legoktm, gerritbot, Smalyshev, BBl

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

Legoktm added a comment. In https://phabricator.wikimedia.org/T107602#148, @Smalyshev wrote: > The service does not need to access them but I'm not sure how we can avoid > them being sent... Maybe have some varnish rule to strip them? I see that > "interesting" cookies are HTTP only, so it

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

Smalyshev added a comment. The service does not need to access them but I'm not sure how we can avoid them being sent... Maybe have some varnish rule to strip them? I see that "interesting" cookies are HTTP only, so it looks less problematic. TASK DETAIL https://phabricator.wikimedia.org/T10

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

Legoktm added a subscriber: Legoktm. Legoktm added a comment. In https://phabricator.wikimedia.org/T107602#1499826, @gerritbot wrote: > Add query.wikidata.org CentralAuth cookies are currently set for ".wikidata.org". Should this service have access to those cookies? TASK DETAIL https://ph

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

gerritbot added a subscriber: gerritbot. gerritbot added a comment. Change 228411 had a related patch set uploaded (by JanZerebecki): Add query.wikidata.org https://gerrit.wikimedia.org/r/228411 TASK DETAIL https://phabricator.wikimedia.org/T107602 EMAIL PREFERENCES https://phabricator.wik

[Wikidata-bugs] [Maniphest] [Commented On] T107602: Set up a public interface to the wikidata query service

Smalyshev added a subscriber: Smalyshev. Smalyshev added a comment. > what hostname would we use? query.wikidata.org Yes, looks like it from discussion with wikidata team. > should we just cache static assets and no query Yes. I don't think caching queries makes a lot of sense for now, as we