Comments: Skip Photon resizing for Facebook avatars by aduth · Pull Request #6872 · Automattic/jetpack

aduth · 2017-04-03T16:22:49Z

Fixes Automattic/io#668
Fixes #6992

Changes proposed in this Pull Request:

For comments left by users authenticated via Facebook or Twitter, no longer attempt to resize the avatar via Photon. This resolves an issue with Facebook avatars appearing broken due to limitations of Photon respecting query parameters of the source image URL. Specifically, the redirect of a picture resource from Facebook's Graph API includes query parameters that must be included in the CDN image request, otherwise resulting in a 403 status (broken image).

Note query parameters after following redirect:

http://graph.facebook.com/600634677/picture

Testing instructions:

Verify that a post with comments left by either Facebook or Twitter users show their respective Facebook or Twitter avatar.

cc @KokkieH @kraftbj @chaitanyamsv

jeherve · 2017-04-04T16:10:05Z

modules/comments/base.php

 		}
 	}
-
-	/**


Instead of creating a new function, I wonder if we could add the graph.facebook.com domain to the list of banned domains in Photon, here:
https://github.com/Automattic/jetpack/blob/master/functions.photon.php#L303

That would solve the issue everywhere where such URLs are being used, not just in comments.

That said, it would be interesting to find out why the domain was whitelisted in the first place:
https://github.com/Automattic/jetpack/blame/master/functions.photon.php#L275

It seems it was done here:
https://code.trac.wordpress.org/ticket/17

cc @mdawaffe

@mdawaffe is out for awhile, so it'll be best to add the domain to the banned list and circle back later if needed.

Agree with adding any domains that fail to the banned list instead of removing the functionality outright.

Banned domain seems like a more direct and safer approach, sure. Sorta begs the question why we call Photon functions with a banned domain in the first place (at least assuming we know it would be one, as is the case here).

The explicit whitelisting is interesting though... because the filter it's attached to is related to query arguments being preserved, not unlike the issue we're seeking to resolve here. But the case we're encountering is not that the URL passed through jetpack_photon_url needs query arguments but rather the URL it redirects to (only determined Photon server-side). It may be the case that this redirect had not always existed?

This reverts commit fff68e0.

jeherve

While the changes appear to work, I still see some issues in the WordPress.com comment iFrames; Photon still seems to be applied there:

The PR also didn't change the behaviour for Twitter comments, although Twitter is mentioned in the PR title. Should we exclude Twitter URLs as well?

aduth · 2017-04-25T18:37:31Z

I still see some issues in the WordPress.com comment iFrames

I imagine we'll need to sync equivalent changes to WordPress.com for this to be resolved.

The PR also didn't change the behaviour for Twitter comments, although Twitter is mentioned in the PR title.

I'm not aware of any issues with Photon being applied to Twitter images. Excluding Twitter in the original changes was likely more a point of consistency in how we'd treated "foreign avatars" in the comment's get_avatar method.

jeherve · 2017-04-27T08:37:39Z

Excluding Twitter in the original changes was likely more a point of consistency in how we'd treated "foreign avatars" in the comment's get_avatar method.

That makes sense. Should we then exclude the Twitter domain from Photon as well?

aduth · 2017-04-27T18:25:10Z

Should we then exclude the Twitter domain from Photon as well?

I don't think we need to.

jeherve

It should work now! Worth noting that we'll need to fix this on WordPress.com as well.

jeherve · 2017-05-22T20:39:03Z

It might be worth including Facebook's fbcdn.net CDN URLs as well, as they are not compatible with Photon either. Here is an example:

https://scontent-mrs1-1.xx.fbcdn.net/v/t31.0-8/12465927_813290572132664_8975279368599689506_o.jpg?oh=dce7dae9c356386c5bb24e64cf3fa56d&oe=598B3042

Reported in 3221931-t and in this thread.

aduth · 2017-05-23T00:16:33Z

Makes sense @jeherve . 6aeef69 takes a slightly different approach, testing against banned host name patterns to accommodate wildcard subdomain on Facebook's CDN URLs.

jeherve

These last changes work for me! 🚢

@see

* Changelog: first pass at a changelog for 5.0 * Changelog: delete 4.9 testing list. * Changelog: update minimum WP version to match ver. in jetpack.php Fixes #7158 * Changelog: add #6051 * Changelog: add #6753 * Changelog: add #6928 * Changelog: add #6964 * Changelog: add #7014 * Changelog: add #7057 * Changelog: add #7060 * Changelog: add #7068 * Changelog: add #7070 * Changelog: add #7072 * Changelog: add #7071 * Changelog: add release date and post shortlink. * Changelog: add #7094 * Changelog: add #7100 * Changelog: add #7108 * Changelog: add #7113 * Changelog: add #7123 * Changelog: add #7135 * Changelog: add #7143 * Changelog: add #7151 * Changelog: add #6996 * Changelog: add #7105 * Changelog: add #7132 * Changelog: add #7166 * Changelog: fix typo in 4.9 changelog. * Changelog: remove older releases' changelogs. @see p1HpG7-42e-p2 * Changelog: add #7090 * Changelog: add #7095 * Changelog: add #7112 * Changelog: add #7115 * Changelog: add #7122 * Changelog: add #7137 * Changelog: add #7138 * Changelog: add #7140 * Changelog: add #7154 * Changelog: add ##7155 * Changelog: add #7163 * Changelog: add #7167 * Changelog: add #7171 * Changelog: add #7180 * Changelog: add #7181 * Changelog: add #7183 * Changelog: add #7184 * Changelog: add #7189 * Changelog: add #7191 * Changelog: add #7193 * Changelog: add #7198 * Changelog: add #7200 * Changelog: add #7209 * Changelog: add #7212 * Testing list: add instructions for #7115 * Changelog: add #7188 * Changelog: add #7205 * Changelog: add #7225 * Changelog: add #6872 * Changelog: add #7107 * Changelog: add #7118 * Changelog: add #7142 * Changelog: add #7170 * Changelog: add #7210 * Changelog: add #7218 * Changelog: add #7232 * Changelog: add #7211 * Changelog: add #7213 * Changelog: add #7229 * Changelog: add #7230 * Changelog: add #7214 * Draft changelog for 5.0 * Changelog updates: 2nd pass at a clearer changelog. - Fix typos. - Use consistent tense and tone across all changelog. - Remove unclear items. * Changelog: add #7026 * Changelog: add #7058 * Changelog: add #7125 * Changelog: add #7249 * Changelog: add #7185 * add mentions of image widget migration * Changelog: add info about new output for CLI command. * Changelog: add WP version number matching the new Image Widget.

billbennettnz · 2017-06-06T23:47:23Z

I'm still seeing broken Twitter avatars in my Jetpack comments. Is this the same problem?

zinigor · 2017-06-07T08:44:37Z

@billbennettnz we can't be sure, can you provide a link to the page where you're seeing broken Twitter avatars please? Or at least copy the URL of the broken image and paste it here in a comment? Thanks!

billbennettnz · 2017-06-07T19:10:13Z

Hi Igor I replied earlier to your colleague Anne MaCarthy can you see that or shall I resend to you?

…

Sent from my iPad

On 7/06/2017, at 8:44 PM, Igor Zinovyev ***@***.***> wrote: @billbennettnz we can't be sure, can you provide a link to the page where you're seeing broken Twitter avatars please? Or at least copy the URL of the broken image and paste it here in a comment? Thanks! — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

zinigor · 2017-06-07T20:13:12Z

@billbennettnz yes, thank you, Anne has pointed me in the right direction, let's continue there.

aheckler · 2017-06-30T18:39:48Z

@annezazu @zinigor I have another user for whom this is still happening in 3136104-t. Do y'all have a link to the ticket I can check out? Or maybe @billbennettnz can chime in if the issue was fixed?

annezazu · 2017-07-02T18:31:11Z

3250576-t @aheckler

billbennettnz · 2017-07-02T21:15:28Z

Just checked, it still happens. See the bottom comment on this page:

https://billbennett.co.nz/2016/04/25/doing-one-thing-at-a-time-works-wonders/

Comments: Skip Photon resizing for Facebook / Twitter avatars

fff68e0

aduth added [Feature] Comments [Status] Needs Review This PR is ready for review. labels Apr 3, 2017

matticbot added the Touches WP.com Files label Apr 3, 2017

jeherve reviewed Apr 4, 2017

View reviewed changes

jeherve added [Pri] High [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. and removed [Status] Needs Review This PR is ready for review. labels Apr 4, 2017

aduth added 2 commits April 5, 2017 13:18

Revert "Comments: Skip Photon resizing for Facebook / Twitter avatars"

d44a010

This reverts commit fff68e0.

Ban Facebook Graph API images from Photon

a2496c7

aduth added [Status] Needs Review This PR is ready for review. and removed [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. labels Apr 5, 2017

jeherve mentioned this pull request Apr 19, 2017

Discussion: problems with avatar when user logs using facebook #6992

Closed

jeherve modified the milestone: 4.9 Apr 24, 2017

jeherve reviewed Apr 24, 2017

View reviewed changes

jeherve added [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. and removed [Status] Needs Review This PR is ready for review. labels Apr 24, 2017

jeherve removed this from the 4.9 milestone Apr 25, 2017

jeherve changed the title ~~Comments: Skip Photon resizing for Facebook / Twitter avatars~~ Comments: Skip Photon resizing for Facebook avatars Apr 27, 2017

jeherve added [Status] Needs Review This PR is ready for review. and removed [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. labels Apr 27, 2017

jeherve approved these changes Apr 27, 2017

View reviewed changes

jeherve added [Status] Ready to Merge Go ahead, you can push that green button! and removed [Status] Needs Review This PR is ready for review. labels Apr 27, 2017

Include Facebook CDN as banned Photon host pattern

6aeef69

jeherve approved these changes May 23, 2017

View reviewed changes

eliorivero merged commit 72d27da into master May 24, 2017

eliorivero deleted the fix/comments-photon branch May 24, 2017 19:12

eliorivero removed the [Status] Ready to Merge Go ahead, you can push that green button! label May 24, 2017

jeherve added [Status] Needs Changelog and removed [Status] Needs Changelog labels May 24, 2017

jeherve added a commit that referenced this pull request May 29, 2017

Changelog: add #6872

384a1e2

               		}
               	}
-              	/**

Conversation

aduth commented Apr 3, 2017 • edited by jeherve Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Changes proposed in this Pull Request:

Testing instructions:

Uh oh!

jeherve Apr 4, 2017

Choose a reason for hiding this comment

Uh oh!

kraftbj Apr 4, 2017

Choose a reason for hiding this comment

Uh oh!

aduth Apr 5, 2017

Choose a reason for hiding this comment

Uh oh!

jeherve left a comment

Choose a reason for hiding this comment

Uh oh!

aduth commented Apr 25, 2017

Uh oh!

jeherve commented Apr 27, 2017

Uh oh!

aduth commented Apr 27, 2017

Uh oh!

jeherve left a comment

Choose a reason for hiding this comment

Uh oh!

jeherve commented May 22, 2017

Uh oh!

aduth commented May 23, 2017

Uh oh!

jeherve left a comment

Choose a reason for hiding this comment

Uh oh!

billbennettnz commented Jun 6, 2017

Uh oh!

zinigor commented Jun 7, 2017

Uh oh!

billbennettnz commented Jun 7, 2017 via email

Uh oh!

zinigor commented Jun 7, 2017

Uh oh!

aheckler commented Jun 30, 2017

Uh oh!

annezazu commented Jul 2, 2017

Uh oh!

billbennettnz commented Jul 2, 2017

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

9 participants

aduth commented Apr 3, 2017 •

edited by jeherve

Loading