[07:51:40] <MirahezeRelay>	 <rhinosf1, replying to originalauthority> mweval <dbname> also works but Eval.php is a older and shittier than she'll
[10:39:05] <MirahezeRelay>	 <posix_memalign> [1/5] Draft commits for per-wiki CSP.
[10:39:05] <MirahezeRelay>	 <posix_memalign> [2/5] https://github.com/miraheze/mw-config/commit/ba8976f4a88c55d9af4d182d9981b224c3af573b
[10:39:06] <MirahezeRelay>	 <posix_memalign> [3/5] https://github.com/miraheze/MirahezeMagic/commit/91af54501780f54bf8598486208e7a9c408b4328
[10:39:06] <MirahezeRelay>	 <posix_memalign> [4/5] They are tricky to test since Varnish will unset the original CSP headers. I guess Varnish could set some other header (e.g. `Original-Content-Security-Policy`) to the original CSP, but that needs to apply only to test151. 
[10:39:06] <MirahezeRelay>	 <posix_memalign> [5/5] I also didn't use `$wgCSPHeader` at all since it depends on an [upstream patch](https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1263757) to be usable for us. For now we can just override the whole thing.
[10:56:33] <MirahezeRelay>	 <posix_memalign> [1/3] Puppet PR to expose MediaWiki's CSP in the header on test151.
[10:56:33] <MirahezeRelay>	 <posix_memalign> [2/3] https://github.com/miraheze/puppet/pull/4833
[10:56:33] <MirahezeRelay>	 <posix_memalign> [3/3] Hopefully I got it right because I've no idea how Varnish config files work.
[11:04:40] <MirahezeRelay>	 <rhinosf1, replying to posix_memalign> Deploying
[11:05:24] <MirahezeRelay>	 <rhinosf1> Not worked
[11:11:49] <MirahezeRelay>	 <rhinosf1> @posix_memalign redeploying a hopefully working version
[11:14:56] <MirahezeRelay>	 <rhinosf1> 3rd time lucky maybe
[11:17:26] <MirahezeRelay>	 <rhinosf1> @posix_memalign it was 3rd time lucky, should be deployed
[11:17:33] <MirahezeRelay>	 <posix_memalign> Nice! Thanks!
[11:18:51] <MirahezeRelay>	 <posix_memalign> I can see the `original-content-security-policy` header now. Silly mistakes were made but overall it looks promising.
[11:26:58] <MirahezeRelay>	 <posix_memalign> [1/3] Should be working now.
[11:26:59] <MirahezeRelay>	 <posix_memalign> [2/3] On https://meta.mirabeta.org/ the only difference between the Varnish version and the MW version is a trailing semicolon which doesn't matter. 
[11:26:59] <MirahezeRelay>	 <posix_memalign> [3/3] On https://exttest.mirabeta.org/ "example.com" is appended to `script-src` which is specified in the [mw-config override](https://github.com/miraheze/mw-config/commit/ba8976f4a88c55d9af4d182d9981b224c3af573b#diff-88d6627f70047b1787141af07cd110e1bd5be1ad4871cc04a9f921311d65b286R11-R14).
[11:28:10] <MirahezeRelay>	 <rhinosf1> I'll review it today
[11:28:47] <MirahezeRelay>	 <rhinosf1> @posix_memalign do you wanna make the PR to do the puppet changes
[11:28:54] <MirahezeRelay>	 <rhinosf1> And I'll review it all in one go
[11:30:07] <MirahezeRelay>	 <posix_memalign> Sure. One thing I'm not sure about is whether we want the default CSP directives to be in mw-config as well. Right now it lives in MirahezeMagic which is a bit awkward since it is separated from the per-wiki overrides in mw-config.
[11:31:20] <MirahezeRelay>	 <rhinosf1> I think in mw-config is better
[11:40:25] <MirahezeRelay>	 <posix_memalign> Too tired to change anything rn. Will get to it later today.
[11:43:38] <RhinosF1>	 Ok
[20:36:00] <MirahezeRelay>	 <posix_memalign> [1/4] @rhinosf1 PRs are ready for review:
[20:36:01] <MirahezeRelay>	 <posix_memalign> [2/4] https://github.com/miraheze/mw-config/pull/6351
[20:36:01] <MirahezeRelay>	 <posix_memalign> [3/4] https://github.com/miraheze/MirahezeMagic/pull/648
[20:36:01] <MirahezeRelay>	 <posix_memalign> [4/4] https://github.com/miraheze/puppet/pull/4834
[20:40:27] <MirahezeRelay>	 <rhinosf1, replying to posix_memalign> Could probably make it fall back to a restrictive csp now so it's really obvious if it fails
[20:42:56] <MirahezeRelay>	 <posix_memalign> Yeah good point. I'll change Puppet's CSP then.
[20:44:08] <MirahezeRelay>	 <rhinosf1> I would like to get some of them moved to per wiki or removed from the list in the long term too
[20:44:14] <MirahezeRelay>	 <rhinosf1> So one less thing to keep in sync
[20:45:05] <MirahezeRelay>	 <rhinosf1> FYI @paladox
[20:47:16] <MirahezeRelay>	 <posix_memalign> Yeah after the initial patch we should go through the list and move ones specific to a particular wiki to per-wiki settings.
[20:47:40] <MirahezeRelay>	 <posix_memalign> We also have nexttide.org and wikitide.net on there which are not even functional right now.
[20:55:50] <MirahezeRelay>	 <posix_memalign> [1/2] https://github.com/lihaohong6/puppet/commit/40e4df4843740dffeed22c123eccb0b622dc6c00
[20:55:50] <MirahezeRelay>	 <posix_memalign> [2/2] Change pushed. The fallback CSP should break mirabeta completely (which is what we want to catch issues). On prod it'll break a lots of embeds and custom js, though editing features (and captchas) should still be functional.
[20:57:14] <MirahezeRelay>	 <rhinosf1, replying to posix_memalign> That's bad, take them out
[20:58:02] <MirahezeRelay>	 <rhinosf1> I will wait for feedback from at least @paladox and then I think good to merge
[20:58:57] <Crystalite13>	 anyone know what's the status on Cookie consent?
[21:00:35] <MirahezeRelay>	 <posix_memalign, replying to Crystalite13> I think CA already said it'll be sometime in April? We should (per tradition) move it to the April issue.
[21:01:00] <Crystalite13>	 looks like I didnt see that, since I think it was planned for March but oh well
[21:02:18] <MirahezeRelay>	 <posix_memalign> ^ https://discord.com/channels/407504499280707585/1006789349498699827/1486946907661140130
[21:02:48] <MirahezeRelay>	 <posix_memalign> IRC probably can't bridge that. I guess you'll have to wait until you get back on Discord.
[21:04:28] <MirahezeRelay>	 <crystalite13, replying to posix_memalign> saw it
[21:04:45] <MirahezeRelay>	 <crystalite13> ohhhhhh the reason i didnt know was because i never got the ping
[21:07:51] <MirahezeRelay>	 <posix_memalign, replying to rhinosf1> They're gone from the puppet PR. For mw-config do we want to remove these domains in a follow-up commit or in the current PR? The mw-config PR corresponds to the original puppet config exactly right now. Feels wrong to me to introduce two types of changes in one PR.
[21:08:28] <MirahezeRelay>	 <crystalite13, replying to posix_memalign> question in #volunteering
[21:11:29] <MirahezeRelay>	 <posix_memalign, replying to crystalite13> No need to ping tbh. I cycle through channels with new messages once in a while. Pings interrupt the current thing I'm doing, though it isn't a huge deal because I interrupt myself all the time.
[21:14:26] <MirahezeRelay>	 <crystalite13, replying to posix_memalign> oh, oops
[21:16:12] <MirahezeRelay>	 <paladox> @rhinosf1 @posix_memalign looks fine to me. Please when deploying run a curl to make sure it works.
[21:36:26] <MirahezeRelay>	 <rhinosf1, replying to posix_memalign> Current is fine
[21:36:40] <MirahezeRelay>	 <rhinosf1, replying to paladox> Ack
[21:36:51] <MirahezeRelay>	 <rhinosf1> I'll probably deploy the puppet bit tomorrow night
[21:37:06] <MirahezeRelay>	 <rhinosf1> @posix_memalign feel free to deploy the mediawiki bit whenever
[22:06:23] <MirahezeRelay>	 <kockaadmiralac> btw do I need to ping anyone for PR review on mw-config or is someone monitoring those
[22:12:22] <MirahezeRelay>	 <pskyechology, replying to kockaadmiralac> in most cases there'll be someone reviewing it but pretend everyone has adhd
[22:14:25] <MirahezeRelay>	 <kockaadmiralac> Ok well I sent in this one <https://github.com/miraheze/mw-config/pull/6350> not sure if I did it right
[22:14:27] <MirahezeRelay>	 <posix_memalign, replying to rhinosf1> [1/2] All done. Tested with `curl -I https://exttest.mirabeta.org/wiki/Main_Page` and `curl -I https://meta.mirabeta.org/wiki/Miraheze_Meta` and looks fine on beta. 
[22:14:28] <MirahezeRelay>	 <posix_memalign, replying to rhinosf1> [2/2] On prod there is no difference until the puppet/varnish PR. Not sure if there's a way to bypass Varnish and curl straight to MW servers on prod.
[22:20:57] <MirahezeRelay>	 <thewwrnerdguy, replying to kockaadmiralac> we get notified when it happens but yeah as skye said
[22:21:51] <MirahezeRelay>	 <posix_memalign, replying to kockaadmiralac> [1/4] I think this is more of a "is this config popular enough to warrant a ManageWikiSettings entry" situation. The alternative would be per-wiki overrides on LocalSettings.php.
[22:21:51] <MirahezeRelay>	 <posix_memalign, replying to kockaadmiralac> [2/4] Which wiki requested this to be added?
[22:21:51] <MirahezeRelay>	 <posix_memalign, replying to kockaadmiralac> [3/4] Considering the popularity of gadgets I lean toward accepting this PR and adding it to ManageWiki. Tech has become a lot more cautious when it comes to adding to our already huge list of settings, though, so a second opinion would be good here. 
[22:21:52] <MirahezeRelay>	 <posix_memalign, replying to kockaadmiralac> [4/4] The lack of documentation on mw.org is a bit concerning, especially since this option got added after a breaking change that removed `$wgGadgetsRepoClass`.
[22:24:20] <MirahezeRelay>	 <thewwrnerdguy, replying to posix_memalign> If I'm reading it correctly it would definitely help if you were importing gadgets from wiki.gg since they use JSON mode
[22:26:30] <MirahezeRelay>	 <posix_memalign> Oh that's a very good point. Lemme test deploy it on test151 then.
[22:33:31] <MirahezeRelay>	 <kockaadmiralac> I'm working on Margin of the Strange Wiki which is in the process of moving from wiki.gg yeah
[22:40:06] <MirahezeRelay>	 <pskyechology, replying to kockaadmiralac> oh? how come?
[22:40:38] <MirahezeRelay>	 <kockaadmiralac> Long story
[22:41:10] <MirahezeRelay>	 <kockaadmiralac> But let's say we tried both hosts and people preferred Miraheze
[22:41:20] <MirahezeRelay>	 <pskyechology> awesome to hear
[22:42:27] <MirahezeRelay>	 <posix_memalign> The setting itself works. "Styling" is not an ideal category, though I struggle to find a fitting one. Somehow the `GadgetDefinition` content model is not available, so creating a page on `MediaWiki:Gadgets/test-gadget` will result in a wikitext page and `GadgetDefinition` doesn't show up as an option when changing the content model.
[22:43:10] <MirahezeRelay>	 <originalauthority> did the json stuff get merged into Gadgets? I though there was a whole convo about that upstream and WMF said no?
[22:44:19] <MirahezeRelay>	 <posix_memalign> I think the Gadget Definition namespace got removed. JSON is still around.
[22:47:06] <MirahezeRelay>	 <kockaadmiralac, replying to posix_memalign> You need a .json suffix
[22:47:26] <MirahezeRelay>	 <kockaadmiralac> wiki.gg have changed Gadgets a bit from the vanilla repo
[22:47:56] <MirahezeRelay>	 <kockaadmiralac> So their gadget definitions don't need a .json suffix and their gadget pages all have to go under MediaWiki:Gadgets/<name>/
[22:48:02] <MirahezeRelay>	 <kockaadmiralac> And the manifest is a bit different
[22:49:14] <MirahezeRelay>	 <posix_memalign> Ah yeah there's a pretty big difference. Vanilla JSON pages resemble the old gadgets-definition a lot more.
[22:49:30] <MirahezeRelay>	 <kockaadmiralac> <https://undertale.wiki/w/Special:PrefixIndex/MediaWiki:Gadgets> This is how manifests look for vanilla
[22:51:34] <MirahezeRelay>	 <posix_memalign> Cool. I managed to get it working on my end as well. Is there any documentation about this? mw.org only has the old stuff from MW <= 1.41.
[22:51:41] <MirahezeRelay>	 <kockaadmiralac> No lol
[22:53:49] <MirahezeRelay>	 <kockaadmiralac> Well wiki.gg has some but that's for their version which is slightly different
[22:54:14] <MirahezeRelay>	 <kockaadmiralac> I could probably look into documenting it if it's needed before merging
[22:56:58] <MirahezeRelay>	 <posix_memalign> That's so sad lmao. It's not a hard requirement but would be nice to get some form of documentation on mw.org so that other users who stumble upon that config aren't confused.
[23:23:43] <MirahezeRelay>	 <posix_memalign> PR can be merged now.
[23:26:03] <MirahezeRelay>	 <posix_memalign> I'll write some brief documentation on mw.org and then merge and deploy.