[wp-meta] [Making WordPress.org] #3474: Introduce `serve-happy` API endpoint
Making WordPress.org
noreply at wordpress.org
Wed Feb 21 18:24:33 UTC 2018
#3474: Introduce `serve-happy` API endpoint
--------------------------------------+-----------------------
Reporter: flixos90 | Owner: dd32
Type: task | Status: accepted
Priority: normal | Milestone:
Component: API | Resolution:
Keywords: has-patch has-unit-tests |
--------------------------------------+-----------------------
Comment (by flixos90):
Replying to [comment:3 dd32]:
> Returning `latest_php` probably isn't going to be useful to the
implementation, nor actually be updated as often as PHP releases are made,
so it's probably worth dropping that field entirely. BrowseHappy the
website IIRC pulls the data from another source, which I don't think we'd
want to implement in an API.
Agreed, I can see the maintenance cost for that being too high for now,
especially since it's not absolutely necessary.
> Can we cache the API endpoint responses based on the `REQUEST_URI`
alone? (If possible, reliance upon `$_POST` and `$_SERVER` vars means
caching isn't really viable) At present it appears as such.
Right now, the code uses `$_REQUEST` to get the parameters passed
(`php_version`). WordPress typically has used POST requests for all the
APIs afaik, but we could also use GET requests for this one instead, like
`api.wordpress.org/core/serve-happy/1.0/?php_version=5.3`. Should we
change the code so that it checks `$_GET` instead of `$_REQUEST`?
Regarding `$_SERVER`, that is only used to detect the protocol.
> How is it planned for the `upgrade_url` parameter passed to be host-
specific? What data would be used?
This is currently unknown. Maybe the IP address could be used. I thought
it may be future-proof to include this field and also support it in core.
This would mean whenever we get there, we don't need to wait for a core
update. But since none of us has concrete ideas yet, we may also get rid
of it.
> Including the URL to `https://wordpress.org/support/upgrade-php/` seems
like a worthwhile idea at first, although having it hard-coded in core
would allow for locales to translate it into their own languages - which
is far more important than it being included in the API.
I thought about this too. I think we could support a `locale` parameter
being passed (in the same way as the `php_version` parameter). Then this
could return the correct URL. There's benefits and downsides to the API
approach: The advantage would be that we can simply change the URL if it
changes (which it may in the future, per recent discussions). The
disadvantage is that it's probably more time-consuming to change URLs for
locales in the codebase than in a translation string.
> The `'upgrade'` flag isn't whether it needs upgrading, but if
WordPress.org believes it's `out-of-date`. Calling it `upgrade` seems like
a misnomer, It's not "Oh you're running 7.0.1, so you need to upgrade to
7.0.27".
> Two options I thought of while looking at it:
> 1. Combine to single field, `status` => `out_of_date,
no_security_updates, ok, latest` (`ok` is a bit of a random 'status' here,
`latest` could be combined into it too)
> 1. Rename to more verbose flags such as (for PHP 5.2) `out_of_date` =>
`true` & `receiving_security_updates` => `false`
That makes sense. I prefer the first approach, with a single `status`
field. I think we don't need `latest`, particularly as it would require us
to keep up with the latest PHP version available (see above). Maybe there
could be another status like `up_to_date` for when the version is >=
WordPress' recommended PHP version (that name is probably not good
though). That would leave us with 4 statuses. But I don't have a strong
opinion on this, we could also just have three (only `ok` as "good"
status).
> I think we're okay to assume that PHP will retain it's [http://php.net
/supported-versions.php supported versions security deprecation] schedule
for 7.x, but I question if it'll stay that way come `8.0`, having a
`insecure_php <= 5.6` might not work too good in a far distant future, one
we can cross when we get there (and lets ignore that Dec 3rd -> 31st
window where 5.6 gets updates, but 7.0 doesn't :) )
Good point. I'm not sure whether we should change behavior for that, but
we could consider not including these version numbers in the API
responses. It would however be less transparent to the client then.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/3474#comment:4>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list