[00:00:29] the same data set says we did 174B in calendar year 2017
[00:00:39] Page views is ~200 B a year, right? In my head we'd have slightly more actions than page views, not fewer.
[00:00:42] not counting varnish, but I don't think that's a significant portion
[00:00:45] Hmm, interesting.
[00:01:55] I remember graphing this at some point and finding an anomalous drop in the aggregate requests that I never did find an explanation for
[00:02:13] most requests are fully served by varnish and do not involve anything from the API, I think
[00:02:21] * bd808 looks for that graph
[00:02:42] opening a section on mobile web does, but probably only a small fraction of people read through the intro
[00:02:54] tgr: Yes, but users of RTRC will make thousands of API requests in an hour.
[00:03:23] Yeah, once we migrate to Parsoid-based HTML that may change the numbers a fair bit.
[00:04:17] I'm not sure, those also mainly come from varnish
[00:05:06] James_F: pageviews are many actions though
[00:05:26] James_F: a pageview might be 30+ requests
[00:05:34] True.
[00:05:42] for most of 2017 we were seeing ~15B per month. In March of 2018 that dropped down to ~8B per month
[00:05:52] and it has stayed down since
[00:05:56] Anyway, that was a rather empty Tech Hour.
[00:06:23] bd808: Google migrate a query to a different endpoint? Some major third party site get switched off?
[00:06:27] bd808: do you know which action dropped?
[00:06:54] I was never able to narrow it down, but I didn't dig really deeply
[00:07:04] James_F: indeed empty hour but we can keep on talking numbers
[00:07:09] bd808: the DATA KNOWS
[00:07:15] I do remember looking for both actions and user-agents that had big changes and not really finding a smoking gun
[00:07:21] Always. :-)
[00:07:43] well we have a PM for APIs now, sounds like something up his alley
[00:08:24] * James_F looks meaningfully at evan
[00:09:37] tgr: WOW
[00:09:49] tgr: a PM for apis
[00:10:02] tgr: well, hopefully we see somebody to put all that data to good use
[00:11:13] what does PM stand for there?
[00:11:22] product manager
[00:11:26] bawolff: do please ping if you run into issues again
[00:11:28] oh
[00:12:09] thanks
[09:52:06] I am calling ajax from wiki to Toolforge. Getting error Refused to connect to 'https://tools.wmflabs.org/gyan/suc/' because it violates the following Content Security Policy
[09:53:28] gyan: what is the exact complete "error"?
[09:53:51] [Report Only] Refused to connect to 'https://tools.wmflabs.org/gyan/suc/' because it violates the following Content Security Policy directive: "default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org
[09:53:51] *.mediawiki.org wikimedia.org". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
[09:54:16] gyan: Where does it say "error"?
[09:54:32] and there is another cross origin error too
[09:54:33] Access to XMLHttpRequest at 'https://tools.wmflabs.org/gyan/suc' from origin 'https://or.wikisource.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
[09:54:49] For that, you need to fix the CORS
[09:54:53] I think the error part is Refused to connect to
[09:54:55] for CSP, there is no error.
[09:55:10] it is a warning only. CSP is not in place yet
[09:56:23] I see other application using $getJson and there is no warning
[09:57:37] Am I missing something
[09:58:37] is that a question about csp or about cors?
[09:59:16] CSP
[09:59:20] gyan: For CORS, see https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowOrigin
[09:59:40] gyan: For CSP: No you don't miss anything. Expected behavior
[10:01:26] I think I am getting the CSP warning because #1 I am not adding any format like json #2 maybe because I am calling post request
[10:06:33] gyan: No, you get it because of https://phabricator.wikimedia.org/T208188
[10:06:43] As I said, nothing to care about right now.
[10:10:11] Ahh! That is a very important thing I learned.
[10:11:59] I have a question. Can I make an ajax (post) call to my website from my commons.js on wikipedia?
[10:12:34] Mywebsite = which will send some data back
[10:29:15] Never mind I figured it out.
[12:32:54] quick question – is it okay to file a security issue on Phabricator for a bug that’s not in MediaWiki, but in a tool that also uses Phabricator?
[12:33:07] or will that make someone freak out because new security issue? :D
[12:37:11] Lucas_WMDE: no, that's fine
[12:37:24] okay, thanks :)