[03:01:30] <MirahezeRelay>	 <crystalite13> [1/2] quick note to tech: after wiki reset, not sure why but wood mark is a bit wonky
[03:01:30] <MirahezeRelay>	 <crystalite13> [2/2] https://cdn.discordapp.com/attachments/1006789349498699827/1486923088208728178/image.png?ex=69c74489&is=69c5f309&hm=bb4491d2e991147687f2ed4febfd0e6b9089732f44930a76dbf3cb825ce5f98c&
[04:36:09] <MirahezeRelay>	 <cosmicalpha, replying to Crystalite13> Thanks again for the reminder. Next week. Probably going into April though.
[09:08:49] <MirahezeRelay>	 <posix_memalign> Some ideas for per-wiki CSP: https://issue-tracker.miraheze.org/T14949. I think there's a pretty clear path to _a_ implementation that is both simple and functional. The main concern would be performance.
[09:08:59] <MirahezeRelay>	 <posix_memalign, replying to crystalite13> [1/2] Seems fine when I compare to another new wiki?
[09:09:00] <MirahezeRelay>	 <posix_memalign, replying to crystalite13> [2/2] https://cdn.discordapp.com/attachments/1006789349498699827/1487015570263248926/image.png?ex=69c79aab&is=69c6492b&hm=d1f1429b978689bef8358acdd5206fa6b63c2c6869dfe77f06c12ca1c8abc18a&
[14:22:37] <MirahezeRelay>	 <crystalite13, replying to posix_memalign> Huh, weird
[14:22:46] <MirahezeRelay>	 <crystalite13> Not sure why but it looks off center to me….
[14:57:12] <MirahezeRelay>	 <kai84> hi tech friends this question might be better suited for u guys :D
[15:33:25] <MirahezeRelay>	 <posix_memalign, replying to kai84> [1/2] https://meta.miraheze.org/wiki/Help%3AChart
[15:33:26] <MirahezeRelay>	 <posix_memalign, replying to kai84> [2/2] This extension is not yet available, though it contains some js you can adapt.
[15:45:43] <MirahezeRelay>	 <kai84, replying to posix_memalign> extension is not available at all or just not on miraheze?
[15:46:21] <MirahezeRelay>	 <kai84> my specific use case is off miraheze, im asking as more of whats the best for it on mediawiki in general
[15:59:24] <MirahezeRelay>	 <posix_memalign, replying to kai84> [1/2] Extension is not on Miraheze. It's a new WMF extension that still needs some config changes on puppet for deployment. 
[15:59:24] <MirahezeRelay>	 <posix_memalign, replying to kai84> [2/2] For MW in general, you can either use an extension that renders the plot server-side (if one is available) or use a js library to render the plot client-side. Whichever works best for you.
[18:28:40] <MirahezeRelay>	 <thewwrnerdguy> [1/2] for https://github.com/miraheze/mw-config/pull/6348 should I tell them to make a Phorge ticket for it too, just to verify it's the actual person from the wiki
[18:28:41] <MirahezeRelay>	 <thewwrnerdguy> [2/2] Or ig adding their github username to their Phorge profile also works?
[18:30:18] <MirahezeRelay>	 <pskyechology, replying to thewwrnerdguy> [1/2] if you have doubts about their relation to the wiki, ensuring of their identity is appropriate yes
[18:30:19] <MirahezeRelay>	 <pskyechology, replying to thewwrnerdguy> [2/2] in this particular case i can tell you that the person is a crat on the respective wiki
[19:41:26] <MirahezeRelay>	 <thewwrnerdguy, replying to pskyechology> yeah I was fine with looking them up on Phorge and they are a crat, this was more about making sure that the GitHub user is the same person as the Phorge user
[19:54:04] <MirahezeRelay>	 <rhinosf1> @posix_memalign I don't think perf should be an issue with your CSP ideas
[19:54:46] <MirahezeRelay>	 <rhinosf1> We could define it straight in php config
[19:55:04] <MirahezeRelay>	 <rhinosf1> There is a mediawiki config variable for CSP we could use instead of varnish though
[19:55:46] <MirahezeRelay>	 <rhinosf1> Per wiki CSP is a good option though
[19:56:08] <MirahezeRelay>	 <rhinosf1> Also removing a lot from the CSP and making people confirm they still need it is a potential
[19:56:27] <MirahezeRelay>	 <pskyechology> i was originally thinking of cooking something up on the puppet side of things (ssl repo-style) but that also works
[19:56:45] <MirahezeRelay>	 <pskyechology> undoubtedly we need something cause we are ballooning
[19:56:51] <MirahezeRelay>	 <pixldev> Hmmmmmmm
[19:57:10] <MirahezeRelay>	 <abaddriverlol> I think we should still consider a proxy
[19:57:35] <MirahezeRelay>	 <pixldev> If CSP is controlled by the MediaWiki application layer, could we also add in a way to disable some parts per user?
[19:57:52] <MirahezeRelay>	 <pskyechology, replying to pixldev> we could do whatever then
[19:57:58] <MirahezeRelay>	 <rhinosf1, replying to abaddriverlol> Yes so do I
[19:58:04] <MirahezeRelay>	 <rhinosf1> We should consider both
[19:58:13] <MirahezeRelay>	 <rhinosf1, replying to pixldev> Why not?
[19:58:49] <MirahezeRelay>	 <abaddriverlol> Maybe the CSP should be more restrictive in safemode
[19:58:56] <MirahezeRelay>	 <pixldev> Definitely
[19:58:59] <MirahezeRelay>	 <pskyechology> ooh love that
[19:58:59] <MirahezeRelay>	 <rhinosf1> Yes
[19:59:18] <MirahezeRelay>	 <pixldev> I was thinking a separate setting but that too
[19:59:51] <MirahezeRelay>	 <pskyechology> now that wwr is green we can make him deploy his own bucket PR
[19:59:58] <MirahezeRelay>	 <abaddriverlol> The WMF also had the idea at some point to add some sort of permission prompt that can be used to allow a domain on the csp
[20:00:10] <MirahezeRelay>	 <abaddriverlol> E.g. via a special page with safemode enabled and a separate csrf token
[20:00:13] <MirahezeRelay>	 <pixldev> Likey
[20:00:30] <MirahezeRelay>	 <abaddriverlol> So you can redirect the user to that prompt via a userscript
[20:01:31] <MirahezeRelay>	 <pskyechology> "do you want your data to be potentially sold to the chinese? press here if you agree to not hold us liable for your local wiki admins being silly"
[20:02:49] <MirahezeRelay>	 <pixldev> We could show the things it grants (image only, data only, scripts) and include details from the CSP review
[20:56:47] <MirahezeRelay>	 <posix_memalign, replying to rhinosf1> So doing it through https://www.mediawiki.org/wiki/Manual:$wgCSPHeader ?
[20:57:09] <MirahezeRelay>	 <rhinosf1, replying to posix_memalign> It could be one way to do it
[20:58:16] <MirahezeRelay>	 <posix_memalign> I guess we could also use a hook to set the full header for every request and then append to the header if there are wiki-specific configs. That'll just push the logic from varnish to MW.
[21:21:50] <MirahezeRelay>	 <thewwrnerdguy> [1/8] Okay so Bucket checklist in the order these things came into my head:
[21:21:51] <MirahezeRelay>	 <thewwrnerdguy> [2/8] - add bucketuser to prod
[21:21:51] <MirahezeRelay>	 <thewwrnerdguy> [3/8] - update [[help:structured data]] (should I merge the history of my bucket page or just copy and paste my section in?)
[21:21:51] <MirahezeRelay>	 <thewwrnerdguy> [4/8] - create bucketwiki, import from buckettestwikibeta
[21:21:52] <MirahezeRelay>	 <thewwrnerdguy> [5/8] - finalise docs of Module:Bucket, also mention it in help:structured data
[21:21:52] <MirahezeRelay>	 <thewwrnerdguy> [6/8] - merge https://github.com/miraheze/mw-config/pull/6335
[21:21:52] <MirahezeRelay>	 <thewwrnerdguy> [7/8] - super secret tech stuff I can't be bothered to redact so instead I'll just leave this as "see MM"
[21:21:53] <MirahezeRelay>	 <thewwrnerdguy> [8/8] I think that's everything?
[21:21:53] <MirahezeRelay>	 <Wiki-Bot#2998> <https://meta.miraheze.org/wiki/Help:Structured_data>
[21:23:19] <MirahezeRelay>	 <pskyechology> sounds about right, off to work you go!
[21:24:48] <MirahezeRelay>	 <pskyechology> im gonna do the most difficult job of them all: drafting the announcement
[21:33:43] <MirahezeRelay>	 <thewwrnerdguy> thank you skye for your tireless work stealing the credit for everything I've done
[21:33:49] <MirahezeRelay>	 <thewwrnerdguy> ❤️
[21:34:08] <MirahezeRelay>	 <pskyechology> dont worry you are gonna get so much glaze
[22:46:48] <MirahezeRelay>	 <cosmicalpha, replying to thewwrnerdguy> * add bucketuser to prod [Done]
[23:07:39] <MirahezeRelay>	 <lewisakura> regarding bucket, av.miraheze.org would love to play with it
[23:07:45] <MirahezeRelay>	 <notaracham> Also big creditos to SRD for joining the WG clan and doing their part towards making a universal bucket possible.
[23:08:09] <MirahezeRelay>	 <pskyechology, replying to lewisakura> you will we just need to torture @thewwrnerdguy a bit more
[23:08:38] <Crystalite13>	 skye didn't you see the nom
[23:08:55] <MirahezeRelay>	 <pskyechology> i did but this is the wrong channel for this convo
[23:09:11] <Crystalite13>	 oh oops I thought I was in miraheze
[23:37:40] <MirahezeRelay>	 <posix_memalign, replying to notaracham> Since the WG discord is public I guess SRD's position is publicly available info at this point.
[23:41:28] <MirahezeRelay>	 <posix_memalign, replying to posix_memalign> [1/2] Oh there's this hook which should make things a lot easier. https://www.mediawiki.org/wiki/Manual:Hooks/ContentSecurityPolicyDirectives. We just read per-wiki configs and then modify the CSP with this hook.
[23:41:28] <MirahezeRelay>	 <posix_memalign, replying to posix_memalign> [2/2] I'm still not sure whether we want a LocalSettings.php style file that hardcodes CSP overrides for each wiki or add a new restricted ManageWiki setting for this purpose.
[23:44:50] <MirahezeRelay>	 <pixldev> I’m feeling config is better
[23:45:24] <MirahezeRelay>	 <pskyechology> yeah I'm not feeling managewiki with this one
[23:45:58] <MirahezeRelay>	 <pskyechology> it would also mean putting a tech matter in the realm of stewards
[23:48:18] <MirahezeRelay>	 <notaracham, replying to posix_memalign> I suppose that's a fair point.  Public yes, widely known no
[23:48:53] <MirahezeRelay>	 <notaracham> Hadn't considered that, my bad
[23:49:27] <MirahezeRelay>	 <posix_memalign, replying to pskyechology> 👍 I'm testing locally and it seems that `$wgCSPHeader` is limited to what the WMF wants to do with their CSP. E.g. it doesn't support `img-src` which we are using.
[23:49:39] <MirahezeRelay>	 <pskyechology> nerds
[23:50:08] <MirahezeRelay>	 <posix_memalign> So I think we might just end up with a custom implementation that uses a hook to add a header.