SSL cert expired for plugins-svn.bbpress.org

The SSL cert being served up for https://plugins-svn.bbpress.org/ has expired, looks like it’s using an old copy of the *.bbpress.org cert, that was updated in r14643 for webs but there’s a duplicate copy of for svns (See r11954 & r11955)

#prio1 #ssl

Email forwarder hosting@wordpress.org for HelpScout

Can we please have an email forwarder from hosting@wordpress.org to hosting@wordpress.helpscoutapp.com

Ref: https://meta.trac.wordpress.org/ticket/6226

#email #helpscout #prio2

Email forwarder reports@wordpress.org for HelpScout

Can we please have an email forwarder set up from reports@wordpress.org to wp-project-reports@mu.helpscoutapp.com.

This is for some upcoming code-of-conduct stuff. I’ve set up a mailbox on the helpscout side (this is in the WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more./Foundation HS instance).

cc @angelasjin.

#email #helpscout #prio2

Grant dotorg trac access for Brandon Kraft

Following on from https://make.wordpress.org/systems/2022/04/11/commit-for-images-core-emoji-could-i/ can we please add kraftbj to the dotorg tracTrac Trac is the place where contributors create issues for bugs or feature requests much like GitHub.https://core.trac.wordpress.org/. allowed users list?

Thanks in advance.

#trac #prio3

Commit for images/core/emoji Could I…

Commit for images/coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress./emoji

Could I get commit access for dotorg’s image/core/emoji directory to add me to the folks who can upload new emoji assets?

When twemoji updates to new versions, in addition to the Core patch (e.g. #55395-core ), we need to upload to assets for the CDN to distribute.

We can continue to do the past way of bugging folks with commit access, but I’ll be joining as an Emoji component maintainer and I already have partial commit access elsewhere.

cc: @desrosj

#emoji #cdn #dotorg-svn #prio2

#55395-core

Clear codex cache & lower cache TTL?

Per https://meta.trac.wordpress.org/ticket/6168 some codex pages have a cached header HTML + CSS which are incompatible with one another, causing a display mismatch.

While we’re migrating away from the Codex, it appears likely to remain for some time.

Can we please
1. Flush the codex cache
2. Lower the cache TTL, perhaps to a week or two, to avoid the need for future system requests?

#codex #cache #prio2

Enable sub-sites for developer.wordpress.org

The developer.wordpress.org host configuration doesn’t support sub-sites right now, this is due to nginxNGINX NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers. https://www.nginx.com/. rules such as rewrite ^/(wp-(admin|includes)/.*) /wordpress/$1 break; rather than the sub-site variant of rewrite ^/([_0-9a-zA-Z-]+/)?(wp-(admin|includes)/.*) /wordpress/$2 break;.

While the existing developer.wordpress.org configuration could be updated to match that of the make.wordpress.org configuration, we can just combine them, serving both networks from the existing make.wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ configuration, with the addition of the developer.wordpress.org domain name in the server_name field. There’s nothing special/unique in either configuration, other than generic WordPress MultisiteMultisite Multisite is a WordPress feature which allows users to create a network of sites on a single WordPress installation. Available since WordPress version 3.0, Multisite is a continuation of WPMU or WordPress Multiuser project. WordPress MultiUser project was discontinued and its features were included into WordPress core.https://codex.wordpress.org/Create_A_Network. rules.

A working sub-site configuration would return 200 for this request:

$ curl -sI https://developer.wordpress.org/testing-subsites/wp-includes/css/dashicons.min.css
HTTP/2 404
..

#prio3 #devhub #nginx

Update getinvolved@ email forwarder

Can we please update the forwarder for getinvolved@wordpress.org from support@wordcampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. to get-involved-wordpress@mu.helpscoutapp.com

Thanks!

Not high-priority as I’ve got a forward in place on the Helpscout side until changed.

#email #helpscout #prio2

CORS headers for s.w.org

Would it be possible to enable CORS headers on s.w.org?
A number of CSSCSS CSS is an acronym for cascading style sheets. This is what controls the design or look and feel of a site./JS features require accessing images/svg/fonts via a fetch request, and currently they’ll be blocked due to a cross-origin request. That means we can’t serve svgs, fonts, and some CSS/JS files from the s.w.org CDN and instead use wordpress.org.

I assume these headers would suffice, which conveniently matches s0.wp.com‘s headers, so I assume would be safe for us to do.

access-control-allow-methods: GET, HEAD
access-control-allow-origin: *

If we need to limit it to certain filetypes, images (.svg, .png, .jpg), fonts (.woff2 .woff, .ttf, .eot) and styles/scripts (.css, .js) would probably suffice, but I don’t think there’s any security requirement to do so given the contents of this CDN are static non-cookied non-modifying responses?

Existing cached assets should be fine to be left as-is without the headerHeader The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes..

Let me know if there’s any questions or concerns.

#crossorigin #cdn #prio3

Deploy & Clear caches for: Planet & Codex

Planet:

In r18253-dotorg I altered a feed url from httpHTTP HTTP is an acronym for Hyper Text Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. to httpsHTTPS HTTPS is an acronym for Hyper Text Transfer Protocol Secure. HTTPS is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. This is especially helpful for protecting sensitive data like banking information., which requires the planet cache to be cleared in order for feed updates to continue. I have not deployedDeploy Launching code from a local development environment to the production web server, so that it's available to visitors. this change yet to planet.
r18257-dotorg alters where planet gets it’s headerHeader The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes./footer from, using some new APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. endpoints, to fetch a new header/footer.

Tested & confirmed working on sandbox.

Please deployDeploy Launching code from a local development environment to the production web server, so that it's available to visitors. & clear Planet cache.

Codex:

In r14081-deploy I altered the Codex header/footer curl script to pull from the same set of new API endpoints.

Tested & confirmed working on my sandbox.

Please deploy & clear the Codex cache.

#prio2 #codex #planet #deploy