IP routing issues / IP Blocked?

@theogibb has reported what looks to be either an upstream routing issue between Singlehop & Zayo, an IP blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. in the upstream provider, or a routing issue in a UK ISP.

Could someone from systems take a look? Unsure if this affects an individual or a wider network. The IP included is a DSL IP, so probably rather low priority unless this affects a wider range of users.

Traceroutes in https://wordpress.org/support/topic/my-ip-address-blocked-on-wordpress-org/ & https://wordpress.slack.com/archives/C02QB8GMM/p1735467303643249

Reverse traceroute to IP:

$ mtr -rc2 77.104.182.26
Start: Tue Jan  7 01:21:28 2025
HOST: dev.wordpress.org  Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- wordpress.org              0.0%    10    0.4   0.3   0.2   0.4   0.0
  2.|-- asw-fy171.ord03.singlehop  0.0%    10    0.9   0.9   0.8   1.0   0.0
  3.|-- cr1.c09c10.r15.s101.chi03  0.0%    10   45.1  45.1  45.0  45.2   0.0
  4.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0

$ mtr -rnc2 77.104.182.26
Start: Tue Jan  7 01:23:41 2025
HOST: dev.wordpress.org  Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 198.143.164.2              0.0%     2    0.3   0.3   0.3   0.3   0.0
  2.|-- 108.178.47.246             0.0%     2    0.8   0.8   0.8   0.9   0.0
  3.|-- 99.198.126.62              0.0%     2   45.2  45.2  45.2  45.2   0.0
  4.|-- ???                       100.0     2    0.0   0.0   0.0   0.0   0.0

$ mtr -rc2 77.104.182.<strong>1</strong>
Start: Tue Jan  7 01:26:09 2025
HOST: dev.wordpress.org  Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- wordpress.org              0.0%     2    0.4   0.4   0.4   0.4   0.0
  2.|-- dr6506a.ord03.singlehop.net  0.0%     2    0.9   1.0   0.9   1.1   0.0
  3.|-- 77-104-182-1.dsl.in-addr.zen.co.uk  0.0%     2   45.2  45.2  45.2  45.2   0.0

(Note: Last is to the .1 which has no losses, but doesn’t seem to share any common route with end-users provided traceroute)

#prio3 #routing #connectivity

CORS headers for ps.w.org & ts.w.org

As mentioned on Slack

In addition to s.w.org , is it possible to enable CORS headers for image files on ps.w.org? Can’t post to make/systems myself.
Things like pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party icons can be shown in the blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. editor (block directory), and with certain setups and new features (like client-side media processing), CORS headers are needed for displaying them.

If you’re gonna enable it for ps, might as well add it for ts too.

CORS headers are indeed needed for those resources for JavascriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/. processing of images, is it possible to enable CORS headers for this domain (either for image file types, or all files, given it’s a cookieless domain and reverse proxy for specific matching paths)

#prio3 #cdn

Add minimum commit message length for core.

Per https://meta.trac.wordpress.org/ticket/7784 an empty-message commit was made to develop.svn accidentally: https://core.trac.wordpress.org/changeset/59087

We’ve got a minimum-message-length enforced for plugins.svn & themes.svn, can that same check please be applied to at least develop.svn (or preferably all SVNs?)

#prio3 #svn

Enable SSL for additional *.wp.org domains

End-users often shorten links to WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ with the wp.org domain. This isn’t an official domain that’s used, but we do have a redirect in place for it.

Currently the list of SSLSSL Secure Socket Layer - Encryption from the server to the browser and back. Prevents prying eyes from seeing what you are sending between your browser and the server.-enabled subdomains is rather small compared to the *.wordpress.org domains.

Can we expand the list of subdomains SSL is supported on, at least to the non-locale-site domains used by contributors?

wp.org www.wp.org developer.wp.org events.wp.org make.wp.org learn.wp.org login.wp.org profiles.wp.org sv.wp.org translate.wp.org schemas.wp.org

I do note that sv.wp.org is included in the current SSL cert, I’m unsure why that domain was specifically included, I don’t personally think it’s worth listing all rosetta subdomains, as we’d have to constantly update the list, so I haven’t included those above. Similarly, I don’t think it’s worth enabling wildcard support for this domain at this time due to the LE integration limitations at present.

ref: https://meta.trac.wordpress.org/ticket/7526

cc @flexseth

#prio3 #ssl

Redirect gutenberg.run

Currently gutenberg.run is hosted by a DigitalOcean instance that we’d like to shut down.

Can we please have that domain setup as a redirect to https://playground.wordpress.net/gutenberg.html?

Thanks in advance!

cc @adamziel
#gutenberg-run #playground #redirect #prio3

IPv6 Support

WordPress is deployedDeploy Launching code from a local development environment to the production web server, so that it's available to visitors. in a large number of environments; and increasingly this is leading to WordPress being used within IPv6-only deployments, where there exists no form of IPv4/dual-stack/IPv64 gateway.

It’s no secret that hosts should realistically provide a 6to4 gateway, or NAT64 / DNS64 service when supplying IPv6-only hosts, but due to the extra burden that supporting both IPv6 and IPv4 places upon them, they’re often (especially in low-cost/low-end VPS markets) choosing against this, and placing the burden upon other hosting infrastructure (WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/) instead.

This is leading to an increase in the number of end-user requests along the lines of “Why doesn’t WordPress just work” and “Get with the times”, which while unhelpful, are a valid segment of the WordPress users.

WordPress is not alone in the list of applications installed in hosting environments which doesn’t natively support IPv6, but we’re also not important enough to many of the use-cases for those services (Who often explicitly state, that it’s not viable to be used as a production hosting environment) to cause them to implement basic network functionality to support us.

Current state of IPv6 on WordPress.org:

  • ✅ WordPress.org CDN supports IPv6 (s.w.org)
  • ❌ WordPress APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. & Downloads are available over IPv6
  • ❌ WordPress.org website is available over IPv6

Meta ticket for reference: https://meta.trac.wordpress.org/ticket/3090

This isn’t a ticket requesting IPv6 support; but rather, a discussion point over when IPv6 support may be able to be offered, and any limitations in the WordPress.org infrastructure that currently limits us in providing that.

#prio3 #ipv6

Update plugins.trac templates.

Similar to https://make.wordpress.org/systems/2023/02/06/update-plugins-trac-templates/ can we please have svnup-meta-checkouts.sh run on svn2?

Could we also consider adding it to a cron task that runs daily on svn2? (svn1 does not need this)

On svn1 it runs whenever a change to the paths it checks out is modified.

#trac #svn #prio3

ImageMagick for Photo Directory?

https://meta.trac.wordpress.org/ticket/7460 has asked:

Would it be possible to use ImageMagick for the Photo Directory to better preserve the original colors in the submitted photos?

Is it possible to enable ImageMagick on WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/? Any systems reasons why it shouldn’t be?

#prio3 #photos #imagemagick

CORS requests for api.wordpress.org

Most of the WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. endpoints accept CORS requests, but nginxNGINX NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers. https://www.nginx.com/. isn’t forwarding OPTIONS requests to these endpoints, when nginx considers it a “static” resource (ie. / and not /index.php)

$ curl -IsX OPTIONS https://api.wordpress.org/core/version-check/1.7/ | grep -Ei '^(HTTP|Access)'
HTTP/1.1 405 Not Allowed

$ curl -IsX OPTIONS https://api.wordpress.org/core/version-check/1.7/index.php | grep -Ei '^(HTTP|Access)'
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *

This is causing problems for playground when making requests that include custom headers, as a preflight request needs to be made.

Would it be possible to redirect OPTIONS on “static” URIs to PHPPHP PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. https://www.php.net/manual/en/preface.php.? Looks like error_page 405 =200 $uri; would do it.

Thanks!

#prio3 #playground #cors

Email forwarding for git.wordpress.org

Would it be possible to add email forwarding for username@git.wordpress.org like we have for username@chat.wordpress.org for emails from GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/?

We currently request committers do it, but there’s a proposal to use Co-Authored-By: .....@git.wordpress.org which would benefit from being able to actually verify the email on GitHub.

In my opinion, this forwarder could be shared with the @chat forwarder, unless it’s super easy to split allowed senders by domain.

#prio3 #email #github