While backporting the fixes for T328143 today, I was unable to test the changes on mwdebug servers. This made the process riskier than it should have been, since the change has to be deployed for all users before it could have been verified in production.
I was using the Chrome extension to test the backport on mwdebug servers: https://chrome.google.com/webstore/detail/wikimediadebug/binmakecefompkjggiklgjenddjoifbb
And I got the following error message in the console:
Access to XMLHttpRequest at 'https://cxserver.wikimedia.org/v2/page/fr/pl/Coquille_Saint-Jacques' from origin 'https://pl.wikipedia.org' has been blocked by CORS policy: Request header field x-wikimedia-debug is not allowed by Access-Control-Allow-Headers in preflight response.
Similar bug in another product: T252826: Whitelist x-wikimedia-debug header field (currently not allowed by Access-Control-Allow-Headers in preflight response)
We have two options here:
The logic could later on be expanded, if desired, into an actual debug mode. E.g. to also increase Logstash verbosity, or do something else useful. This is the approach we usually take, e.g. ORES, Thumbor, WMCS, api-gateway, Graphite/Grafana, etc all allow the header, and in some cases also change behaviour (e.g. in case of Thumbor it exposes extra details through various response headers that we normally strip for performance reasons).
We don't have any exemptions today, but we could create one.
cc @KartikMistry
Change 889059 had a related patch set uploaded (by KartikMistry; author: KartikMistry):
[mediawiki/services/cxserver@master] Allow x-wikimedia-debug in request header
https://gerrit.wikimedia.org/r/889059
Change 889059 merged by jenkins-bot:
Change 889483 had a related patch set uploaded (by KartikMistry; author: KartikMistry):
[operations/deployment-charts@master] Update cxserver to 2023-02-15-085109-production
https://gerrit.wikimedia.org/r/889483
Change 889483 merged by jenkins-bot:
Mentioned in SAL (#wikimedia-operations) [2023-02-16T06:15:59Z] <kart_> Updated cxserver to 2023-02-15-085109-production ( T328310 , T110190 , T116466 )