'dnt',
'origin',
/* MediaWiki whitelist */
+ 'user-agent',
'api-user-agent',
] );
foreach ( $requestedHeaders as $rHeader ) {
$rHeader = strtolower( trim( $rHeader ) );
if ( !isset( $allowedAuthorHeaders[$rHeader] ) ) {
- wfDebugLog( 'api', 'CORS preflight failed on requested header: ' . $rHeader );
+ LoggerFactory::getInstance( 'api-warning' )->warning(
+ 'CORS preflight failed on requested header: {header}', [
+ 'header' => $rHeader
+ ]
+ );
return false;
}
}
} else {
// Something is seriously wrong
$config = $this->getConfig();
+ // TODO: Avoid embedding arbitrary class names in the error code.
$class = preg_replace( '#^Wikimedia\\\Rdbms\\\#', '', get_class( $e ) );
$code = 'internal_api_error_' . $class;
+ $data = [ 'errorclass' => get_class( $e ) ];
if ( $config->get( 'ShowExceptionDetails' ) ) {
if ( $e instanceof ILocalizedException ) {
$msg = $e->getMessageObject();
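Review bot: `$data` is built from `get_class( $e )` above the `ShowExceptionDetails` check, so the fully qualified class name appears to be attached to the error whether or not exception details are enabled. It is then handed on by the later `ApiMessage::create( $params, $code, $data )` change. The error code already carries the class name with only the `Wikimedia\Rdbms\` prefix stripped, so this may be intended, but it deserves a comment saying so, e.g. `// errorclass is exposed even when ShowExceptionDetails is off: class name only, never message or trace`. If it is not intended, default `$data` to `[]` and fill it only inside the `if`. The enclosing branch starts and ends outside this hunk.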
$params = [ 'apierror-exceptioncaughttype', WebRequest::getRequestId(), get_class( $e ) ];
}
- $messages[] = ApiMessage::create( $params, $code );
+ $messages[] = ApiMessage::create( $params, $code, $data );
}
return $messages;
}
// Add errors from the exception
$modulePath = $e instanceof ApiUsageException ? $e->getModulePath() : null;
foreach ( $this->errorMessagesFromException( $e, 'error' ) as $msg ) {
- $errorCodes[$msg->getApiCode()] = true;
+ if ( ApiErrorFormatter::isValidApiCode( $msg->getApiCode() ) ) {
+ $errorCodes[$msg->getApiCode()] = true;
+ } else {
+ LoggerFactory::getInstance( 'api-warning' )->error( 'Invalid API error code "{code}"', [
+ 'code' => $msg->getApiCode(),
+ 'exception' => $e,
+ ] );
+ $errorCodes['<invalid-code>'] = true;
+ }
$formatter->addError( $modulePath, $msg );
}
foreach ( $this->errorMessagesFromException( $e, 'warning' ) as $msg ) {
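Review bot: The rejected code only stops being recorded in `$errorCodes`; `$msg` itself, still carrying the invalid code, goes to `$formatter->addError( $modulePath, $msg )` on the line after the branch, so the formatted error can still contain it. If the check is meant to protect only whatever consumes `$errorCodes` (not visible here), say so in a comment such as `// Only $errorCodes is sanitized; the formatter still receives the original message`. Also read the code once, `$apiCode = $msg->getApiCode();`, and use `$apiCode` in the check, the array key and the log context, so the value validated is the value stored. The function body begins outside the hunk.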
if ( $numLagged >= ceil( $replicaCount / 2 ) ) {
$laggedServers = implode( ', ', $laggedServers );
wfDebugLog(
- 'api-readonly',
+ 'api-readonly', // Deprecate this channel in favor of api-warning?
"Api request failed as read only because the following DBs are lagged: $laggedServers"
);
+ LoggerFactory::getInstance( 'api-warning' )->warning(
+ "Api request failed as read only because the following DBs are lagged: {laggeddbs}", [
+ 'laggeddbs' => $laggedServers,
+ ]
+ );
$this->dieWithError(
'readonly_lag',
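Review bot: The open question in the trailing comment on `'api-readonly'` belongs in a `TODO` above the call, because the event is now written to both channels with the same text and nothing says when the old one goes away: `// TODO: drop the api-readonly channel once its consumers read api-warning`. The new message is a double-quoted string with a `{laggeddbs}` placeholder and no interpolation; single quotes would match the other `api-warning` calls in this commit. The `dieWithError` call continues outside the hunk.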
* @param array $params An array with the request parameters
*/
protected function setupExternalResponse( $module, $params ) {
+ $validMethods = [ 'GET', 'HEAD', 'POST', 'OPTIONS' ];
$request = $this->getRequest();
+
+ if ( !in_array( $request->getMethod(), $validMethods ) ) {
+ $this->dieWithError( 'apierror-invalidmethod', null, null, 405 );
+ }
+
if ( !$request->wasPosted() && $module->mustBePosted() ) {
// Module requires POST. GET request might still be allowed
// if $wgDebugApi is true, otherwise fail.
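Review bot: The 405 is sent without an `Allow` header as far as this hunk shows, and RFC 9110 requires one on a 405 response. Unless `dieWithError` adds it elsewhere, set it before dying, e.g. `$request->response()->header( 'Allow: ' . implode( ', ', $validMethods ) );`. The method check should also be strict: `in_array( $request->getMethod(), $validMethods, true )`. The body of `setupExternalResponse` continues outside the hunk.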