[10:16:54] 1032 (An Untitled Masterwork)root@cumin1001:~# cookbook sre.hosts.decommission -t T249590 dbproxy1011.eqiad.wmnetSTART - Cookbook sre.hosts.decommissionATTENTION: destructive action for 1 hosts: dbproxy1011.eqiad.wmnetAre you sure to proceed?Type "done" to proceed...
[10:16:55] T249590: decommission dbproxy1011.eqiad.wmnet - https://phabricator.wikimedia.org/T249590
[17:48:30] bd808: Hi! Do you have time to look into the CSP violation problem?
[17:49:21] iridescence: I'm not sure what you are asking me. Can you rephrase your question?
[17:49:42] https://phabricator.wikimedia.org/T250922
[17:50:44] Are you asking if I would take the time to fix this for you?
[17:51:02] I suggested a possible fix in the report -- adding a reverse proxy with a restrictive allow list for proxied URLs to the tool itself is probably the "best" way to present the desired content without exposing the user to direct interaction with 3rd party hosting and potential tracking
[17:51:48] basically this would mean having server side code deployed in your tool that fetched the remote data and sent it to the browser
[17:52:22] the tricky part of that is making sure you do not create an anonymizing proxy for all content on the internet
[17:52:52] that would be bad and also against the Toolforge + Cloud VPS terms of use
[17:53:38] Well, I don't have any intention of making something like that.
[17:54:58] But, I have tried to make something. Unfortunately the JS code is complaining about CORS.
[17:55:31] By using PHP, btw
[17:55:42] are you sending an "Access-Control-Allow-Origin: *" header with the content?
[17:56:24] that's the magic that CORS will need, but also the origin should match the origin the js was loaded from
[17:57:09] which means you really should not need CORS support unless there is another origin for the js that is calling into your tool
[17:59:27] So it must be from the same "domain"?
[18:03:55] iridescence: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS explains much better than I can
[18:10:05] Yeah, I have read most of that doc. It's like everyone on the internet is linking to that page. But how do I create this proxy that only the application should be allowed to use and that allows the program to fetch data from. :)
[18:24:24] bd808: when you have time could you review https://gerrit.wikimedia.org/r/c/labs/striker/+/591811 please
[19:22:18] !log tools Increased Kubernetes services quota for bd808-test tool.
[19:22:22] Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/SAL
[20:26:27] I will let you know when I see iridescence and I will deliver that message to them
[20:26:27] @notify iridescence https://phabricator.wikimedia.org/T250922#6079763 -- I may have found a solution for you