EBernhardson added a comment.
I've tracked down one source of 500 errors, unclear if the original report here is for same thing. Reproduction: curl -XPOST https://commons-query.wikimedia.org/any-url-doesnt-matter -d 'foo=bar' Reason: This request includes a `Content-Length` header which nginx ends up passing along to the /oauth/check_auth endpoint. Jetty (hosting the endpoint) sees the Content-Length header and starts waiting for the content to arrive, which never does. After 30s jetty times out the request. This most likely means all request's with the query in the content, rather than a url query string, receive this 500 error. Resolution: Whitelist the set of headers that will be passed along to the /oauth/* endpoints to only include the Host and Cookies headers. Caveats: While this will fix the timeout, i suspect it will simply fail the request at a different part of the request. At least in my reproduction case the reason the UI is issuing a POST request with the query in the body is that the GET request was rejected due to attempting to re-auth during an XHR and the browser refused to show the response to the javascript. The UI javascript interprets this as the request having never been sent and re-issues the same request over POST. Once this timeout issue is fixed that POST request will have the same CORS problems and it's unlikely we will be able to change mediawiki's Special:OAuth CORS headers for this use case. Possible Solutions: Gergo suggested perhaps we can store an oauth1 related token in the cookies. When the JWT expires after 2 hours and requires a re-auth we might be able to re-validate the previously stored oauth1 token, rather than going through the full redirect-bounce which has CORS issues. Will require more investigation and review of oauth 1 flows to determine if this is viable. TASK DETAIL https://phabricator.wikimedia.org/T306899 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: EBernhardson Cc: MPhamWMF, DAbad, RKemper, EBernhardson, FRomeo_WMF, GFontenelle_WMF, Gehel, Fuzheado, Aklapper, Dominicbm, Astuthiodit_1, AWesterinen, karapayneWMDE, Invadibot, maantietaja, CBogen, ItamarWMDE, Akuckartz, Nandana, Namenlos314, Lahi, Gq86, Lucas_Werkmeister_WMDE, GoranSMilovanovic, QZanden, EBjune, merbst, LawExplorer, _jensen, rosalieper, Scott_WUaS, Jonas, Xmlizer, jkroll, Wikidata-bugs, Jdouglas, aude, Tobias1984, Manybubbles, Mbch331
_______________________________________________ Wikidata-bugs mailing list -- wikidata-bugs@lists.wikimedia.org To unsubscribe send an email to wikidata-bugs-le...@lists.wikimedia.org