[00:21:43] <MirahezeRelay>	 <originalauthority> There really needs to be some work done on how wiki resets are done
[00:23:26] <MirahezeRelay>	 <crystalite13> yeah
[00:23:30] <MirahezeRelay>	 <crystalite13> i like that idea
[00:23:32] <MirahezeRelay>	 <posix_memalign, replying to posix_memalign> [1/2] I thought about this a bit more. MediaWiki has a built-in `action=cspreport` API that can log CSP violations through [$wgDebugLogGroups](https://www.mediawiki.org/wiki/Manual:$wgDebugLogGroups#Some_common_debug_log_groups). Presumably we don't use that variable because we have graylog, but we should be able to log CSP violations regardless. 
[00:23:32] <MirahezeRelay>	 <posix_memalign, replying to posix_memalign> [2/2] So we could set `Content-Security-Policy-Report-Only` to a minimal set of domains and observe how the logs come in. Anything that appears frequently we can add to the report-only CSP. In the end we get a set of frequently used domains to go into the default CSP, and we have a good idea of what domains can become optional on ManageWiki.
[00:40:41] <MirahezeRelay>	 <kockaadmiralac> You use $wmgMonologChannels but yeah
[00:49:44] <MirahezeRelay>	 <posix_memalign, replying to kockaadmiralac> Thx. We could add the CSP channel in there. I'll draft the plan on Phorge then.
[01:11:59] <MirahezeRelay>	 <tangoer_man> any plans to update citizen on miraheze wikis? rn the heze is on 3.13 while the latest has 3.15 (which has some nice new stuff)
[01:12:57] <MirahezeRelay>	 <abaddriverlol> See https://issue-tracker.miraheze.org/T15192
[01:39:51] <MirahezeRelay>	 <posix_memalign, replying to posix_memalign> [1/2] Done https://issue-tracker.miraheze.org/T15205
[01:39:52] <MirahezeRelay>	 <posix_memalign, replying to posix_memalign> [2/2] This seems very involved and I will probably wait until I have a lot of time to work on it, unless someone else wants to take over so that I don't have to experience the thrill of blowing up production.
[05:47:35] <MirahezeRelay>	 <posix_memalign, replying to posix_memalign> [1/2] Another task for logging instances of applying a fallback CSP in Varnish
[05:47:35] <MirahezeRelay>	 <posix_memalign, replying to posix_memalign> [2/2] https://issue-tracker.miraheze.org/T15208
[05:53:28] <MirahezeRelay>	 <posix_memalign, replying to posix_memalign> I've no idea whether `std.log` works for logging because it appears nowhere in our Varnish config. Hopefully someone does know.
[06:43:33] <MirahezeRelay>	 <cosmicalpha, replying to posix_memalign> We tried it before and it caused to much log spam.
[06:44:12] <MirahezeRelay>	 <cosmicalpha> IIRC
[06:45:36] <MirahezeRelay>	 <cosmicalpha> @kockaadmiralac thanks for the Cosmos patches btw (mentioning a bit late lol). I wasnt really around all that much when I gave C+2 on them but it was easy enough to review.
[06:46:12] <MirahezeRelay>	 <cosmicalpha, replying to posix_memalign> In theory it will work. I can play with it this week if you want.
[06:48:46] <MirahezeRelay>	 <posix_memalign, replying to cosmicalpha> [1/2] How about probabilistically setting the `Content-Security-Policy-Report-Only` header initially (e.g. with 1% probability) so that the initial logs are manageable? Once they come in we can start adding more domains to the report-only header and increase the probability of setting the header.
[06:48:47] <MirahezeRelay>	 <posix_memalign, replying to cosmicalpha> [2/2] Caching might make our lives very difficult, though. Maybe we only do it for logged-in users.
[06:49:44] <MirahezeRelay>	 <cosmicalpha> It isnt priority anyway. We can consider it though. Logging when fallback CSP is more important IMO anyway.
[06:50:35] <MirahezeRelay>	 <posix_memalign, replying to cosmicalpha> [1/2] That'll be great. Thanks!
[06:50:35] <MirahezeRelay>	 <posix_memalign, replying to cosmicalpha> [2/2] I think you also mentioned disabling main page creation in CW by setting a system message to `-`, which should unblock one aspect of CreateWikiLoadout. The other part is import which I'm not too sure about after discovering that ImportDump.php and Extension:ImportDump both use `ImportStreamSource`.
[06:52:44] <MirahezeRelay>	 <cosmicalpha> Hmm. Yeah I will have to give a little bit of thought on what to suggest with CreateWikiLoadout import mechanism. But yeah I can add support to disable the main page creation by setting the message to -.
[07:02:44] <MirahezeRelay>	 <originalauthority> Why can't you use WikiRevisionImporter?
[07:05:35] <MirahezeRelay>	 <posix_memalign, replying to cosmicalpha> TBH I'm still not sure how CWLoadout can override the message though. There are hooks such as MessagesPreLoad and MessageCacheReplace, but the override needs to be done conditionally depending on the config in CreateWiki's extra data.
[07:06:07] <MirahezeRelay>	 <cosmicalpha, replying to posix_memalign> Same way MirahezeMagic does it.
[07:06:19] <MirahezeRelay>	 <cosmicalpha> You can conditionally override.
[07:08:24] <MirahezeRelay>	 <posix_memalign, replying to originalauthority> [1/2] I'm not sure what it is since I can't find references to it online.
[07:08:25] <MirahezeRelay>	 <posix_memalign, replying to originalauthority> [2/2] The original way of doing loadout import is just calling the importDump maintenance script, with alternatives such as using code from Extension:ImportDump.
[07:09:38] <MirahezeRelay>	 <posix_memalign, replying to cosmicalpha> By setting the message value to a callback in `onMessageCacheFetchOverrides`?
[07:10:04] <MirahezeRelay>	 <cosmicalpha> No just by not setting the message key based on some config I think.
[07:12:31] <MirahezeRelay>	 <cosmicalpha> You can retrieve it from the CreateWiki service via dependency injection and conditionally change based on config.
[07:12:51] <MirahezeRelay>	 <cosmicalpha> so if config isnt set it does nothing and just uses default
[07:13:23] <MirahezeRelay>	 <cosmicalpha> I think... actually maybe I need to think more here... perhaps that won't fully work.
[07:13:32] <MirahezeRelay>	 <posix_memalign> CWLoadout does't know what the loadout is initially though. It needs to [parse the data from onCreateWikiAfterCreationWithExtraData](https://github.com/miraheze/CreateWikiLoadout/blob/ea4fe12f7fbb583dfad8be82101cad92567dab1c/includes/CreateWikiLoadoutHooks.php#L36) to determine whether the main page needs to be created by CreateWiki or imported from a loadout.
[07:13:54] <MirahezeRelay>	 <posix_memalign, replying to cosmicalpha> I see. So if CW exposes the extra data through DI that could work.
[07:14:16] <MirahezeRelay>	 <cosmicalpha> It won't though. The whole concept I was thinking was flawed.
[07:14:35] <MirahezeRelay>	 <cosmicalpha> Setting the message to a minus would only work for everything.
[07:14:53] <MirahezeRelay>	 <cosmicalpha> As it would have to be done on the wiki that creates the wiki (metawiki) for it to do anything.
[07:16:07] <MirahezeRelay>	 <originalauthority> WikiRevisionImporter takes a callback for every revision, you could simply skip the main page revision before it's imported if the data passed in the hook says no main page pls
[07:23:49] <MirahezeRelay>	 <posix_memalign, replying to cosmicalpha> I guess it's always possible to fall back to a special hook if other methods fail.
[07:32:00] <MirahezeRelay>	 <posix_memalign, replying to originalauthority> Hmmm. I guess that could be possible if CW is changed to use it instead of [saveRevision](https://github.com/miraheze/CreateWiki/blob/7cc717da2d8e3c674a3c053e78d0376fcdfbcc30/maintenance/PopulateMainPage.php#L44)
[13:17:01] <MirahezeRelay>	 <kockaadmiralac, replying to kockaadmiralac> Found it https://github.com/miraheze/MatomoAnalytics/pull/190
[14:29:06] <MirahezeRelay>	 <kockaadmiralac> If I theoretically had an OAuth app that I need multiple users on a wiki to use that could potentially be used on other Miraheze wikis in the future would I first have to request it for a single wiki or would it be okay to request it for all wikis
[14:47:37] <MirahezeRelay>	 <originalauthority> I think it depends on what it does
[15:01:54] <MirahezeRelay>	 <kockaadmiralac> It's the Tiled <-> DataMaps conversion plugin <https://github.com/utdrwiki/maps> which I imagine we will be eventually using on marginofthestrange when the game releases
[15:03:36] <MirahezeRelay>	 <kockaadmiralac> There's already a MH wiki using it but they're using it entirely without authentication so I guess that doesn't count
[15:04:10] <MirahezeRelay>	 <kockaadmiralac> I already have a global consumer on wiki.gg for it so I guess I'm just asking in advance what's the policy around that
[15:05:07] <MirahezeRelay>	 <kockaadmiralac> <https://commons.wiki.gg/wiki/Special:OAuthListConsumers/view/7577ea31869b6740239db4163ff90be9> this one
[15:06:55] <MirahezeRelay>	 <originalauthority> I think it's probably fine, I don't think there is a policy. Cc @rhinosf1
[15:07:39] <MirahezeRelay>	 <kockaadmiralac> There's an RFC from OrangeStar from like three years ago but it doesn't go into detail
[15:07:53] <MirahezeRelay>	 <kockaadmiralac> <https://meta.miraheze.org/wiki/Requests_for_Comment/OAuth_policy>
[15:11:03] <MirahezeRelay>	 <rhinosf1, replying to originalauthority> We'd probably want to do a little code review and know where it's hosted
[15:11:36] <MirahezeRelay>	 <rhinosf1> Feel free to DM too
[15:11:38] <MirahezeRelay>	 <rhinosf1> Or email