{"host": "cp2044.codfw.wmnet", "state": "core_diff", "description": "Differences to core resources", "diff": {"full": {"total": 3969, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "Class[Profile::Cache::Varnish::Frontend]", "parameters": "--- Class[Profile::Cache::Varnish::Frontend].orig\n+++ Class[Profile::Cache::Varnish::Frontend]\n\n@@\n-    fe_vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None'}\n+    fe_vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'pdf_csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'reporting_endpoints': 'csp-endpoint'}\n"}, {"resource": "Varnish::Wikimedia_vcl[/etc/varnish/upload-frontend.inc.vcl]", "parameters": "--- Varnish::Wikimedia_vcl[/etc/varnish/upload-frontend.inc.vcl].orig\n+++ Varnish::Wikimedia_vcl[/etc/varnish/upload-frontend.inc.vcl]\n\n@@\n-    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n+    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'pdf_csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'reporting_endpoints': 'csp-endpoint', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n"}, {"resource": "File[/usr/share/varnish/tests/upload-frontend.inc.vcl]", "content": "--- /usr/share/varnish/tests/upload-frontend.inc.vcl.orig\n+++ /usr/share/varnish/tests/upload-frontend.inc.vcl\n@@ -580,23 +580,13 @@\n         // Restrict uploads from loading external resources across all of upload.w.o (T117618)\n         // PDFs require object-src: self\n         if ( req.url ~ \"(?i)\\.pdf$\" ) {\n-            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&\";\n+            set resp.http.Reporting-Endpoints = \"csp-endpoint\";\n+            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\";\n             set resp.http.X-Content-Security-Policy-Report-Only = resp.http.Content-Security-Policy-Report-Only;\n         } else {\n-            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&\";\n+            set resp.http.Reporting-Endpoints = \"csp-endpoint\";\n+            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\";\n             set resp.http.X-Content-Security-Policy-Report-Only = resp.http.Content-Security-Policy-Report-Only;\n-        }\n-\n-        // Testwiki now in enforce mode\n-        if (req.url ~ \"^/wikipedia/test\") {\n-            if ( req.url ~ \"(?i)\\.pdf$\" ) {\n-                // PDFs don't like no object-src and sandbox in chrome\n-                set resp.http.Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-                set resp.http.X-Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-            } else {\n-                set resp.http.Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; sandbox; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-                set resp.http.X-Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; sandbox; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-            }\n         }\n     }\n "}, {"resource": "File[/etc/varnish/upload-frontend.inc.vcl]", "content": "--- /etc/varnish/upload-frontend.inc.vcl.orig\n+++ /etc/varnish/upload-frontend.inc.vcl\n@@ -580,23 +580,13 @@\n         // Restrict uploads from loading external resources across all of upload.w.o (T117618)\n         // PDFs require object-src: self\n         if ( req.url ~ \"(?i)\\.pdf$\" ) {\n-            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&\";\n+            set resp.http.Reporting-Endpoints = \"csp-endpoint\";\n+            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\";\n             set resp.http.X-Content-Security-Policy-Report-Only = resp.http.Content-Security-Policy-Report-Only;\n         } else {\n-            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&\";\n+            set resp.http.Reporting-Endpoints = \"csp-endpoint\";\n+            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\";\n             set resp.http.X-Content-Security-Policy-Report-Only = resp.http.Content-Security-Policy-Report-Only;\n-        }\n-\n-        // Testwiki now in enforce mode\n-        if (req.url ~ \"^/wikipedia/test\") {\n-            if ( req.url ~ \"(?i)\\.pdf$\" ) {\n-                // PDFs don't like no object-src and sandbox in chrome\n-                set resp.http.Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-                set resp.http.X-Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-            } else {\n-                set resp.http.Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; sandbox; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-                set resp.http.X-Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; sandbox; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-            }\n         }\n     }\n "}, {"resource": "Varnish::Wikimedia_vcl[normalize_path -frontend]", "parameters": "--- Varnish::Wikimedia_vcl[normalize_path -frontend].orig\n+++ Varnish::Wikimedia_vcl[normalize_path -frontend]\n\n@@\n-    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n+    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'pdf_csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'reporting_endpoints': 'csp-endpoint', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n"}, {"resource": "Varnish::Wikimedia_vcl[/usr/share/varnish/tests/upload-frontend.inc.vcl]", "parameters": "--- Varnish::Wikimedia_vcl[/usr/share/varnish/tests/upload-frontend.inc.vcl].orig\n+++ Varnish::Wikimedia_vcl[/usr/share/varnish/tests/upload-frontend.inc.vcl]\n\n@@\n-    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n+    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'pdf_csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'reporting_endpoints': 'csp-endpoint', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n"}, {"resource": "Varnish::Wikimedia_vcl[/usr/share/varnish/tests/wikimedia_upload-frontend.vcl]", "parameters": "--- Varnish::Wikimedia_vcl[/usr/share/varnish/tests/wikimedia_upload-frontend.vcl].orig\n+++ Varnish::Wikimedia_vcl[/usr/share/varnish/tests/wikimedia_upload-frontend.vcl]\n\n@@\n-    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n+    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'pdf_csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'reporting_endpoints': 'csp-endpoint', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n"}, {"resource": "Class[Varnish::Common::Vcl]", "parameters": "--- Class[Varnish::Common::Vcl].orig\n+++ Class[Varnish::Common::Vcl]\n\n@@\n-    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n+    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'pdf_csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'reporting_endpoints': 'csp-endpoint', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n"}, {"resource": "Varnish::Instance[upload-frontend]", "parameters": "--- Varnish::Instance[upload-frontend].orig\n+++ Varnish::Instance[upload-frontend]\n\n@@\n-    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n+    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'pdf_csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'reporting_endpoints': 'csp-endpoint', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n"}, {"resource": "Varnish::Wikimedia_vcl[/etc/varnish/wikimedia_upload-frontend.vcl]", "parameters": "--- Varnish::Wikimedia_vcl[/etc/varnish/wikimedia_upload-frontend.vcl].orig\n+++ Varnish::Wikimedia_vcl[/etc/varnish/wikimedia_upload-frontend.vcl]\n\n@@\n-    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n+    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'pdf_csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'reporting_endpoints': 'csp-endpoint', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n"}], "perc_changed": "0.25%"}, "core": {"total": 3969, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "File[/usr/share/varnish/tests/upload-frontend.inc.vcl]", "content": "--- /usr/share/varnish/tests/upload-frontend.inc.vcl.orig\n+++ /usr/share/varnish/tests/upload-frontend.inc.vcl\n@@ -580,23 +580,13 @@\n         // Restrict uploads from loading external resources across all of upload.w.o (T117618)\n         // PDFs require object-src: self\n         if ( req.url ~ \"(?i)\\.pdf$\" ) {\n-            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&\";\n+            set resp.http.Reporting-Endpoints = \"csp-endpoint\";\n+            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\";\n             set resp.http.X-Content-Security-Policy-Report-Only = resp.http.Content-Security-Policy-Report-Only;\n         } else {\n-            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&\";\n+            set resp.http.Reporting-Endpoints = \"csp-endpoint\";\n+            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\";\n             set resp.http.X-Content-Security-Policy-Report-Only = resp.http.Content-Security-Policy-Report-Only;\n-        }\n-\n-        // Testwiki now in enforce mode\n-        if (req.url ~ \"^/wikipedia/test\") {\n-            if ( req.url ~ \"(?i)\\.pdf$\" ) {\n-                // PDFs don't like no object-src and sandbox in chrome\n-                set resp.http.Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-                set resp.http.X-Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-            } else {\n-                set resp.http.Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; sandbox; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-                set resp.http.X-Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; sandbox; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-            }\n         }\n     }\n "}, {"resource": "File[/etc/varnish/upload-frontend.inc.vcl]", "content": "--- /etc/varnish/upload-frontend.inc.vcl.orig\n+++ /etc/varnish/upload-frontend.inc.vcl\n@@ -580,23 +580,13 @@\n         // Restrict uploads from loading external resources across all of upload.w.o (T117618)\n         // PDFs require object-src: self\n         if ( req.url ~ \"(?i)\\.pdf$\" ) {\n-            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&\";\n+            set resp.http.Reporting-Endpoints = \"csp-endpoint\";\n+            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\";\n             set resp.http.X-Content-Security-Policy-Report-Only = resp.http.Content-Security-Policy-Report-Only;\n         } else {\n-            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&\";\n+            set resp.http.Reporting-Endpoints = \"csp-endpoint\";\n+            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\";\n             set resp.http.X-Content-Security-Policy-Report-Only = resp.http.Content-Security-Policy-Report-Only;\n-        }\n-\n-        // Testwiki now in enforce mode\n-        if (req.url ~ \"^/wikipedia/test\") {\n-            if ( req.url ~ \"(?i)\\.pdf$\" ) {\n-                // PDFs don't like no object-src and sandbox in chrome\n-                set resp.http.Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-                set resp.http.X-Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-            } else {\n-                set resp.http.Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; sandbox; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-                set resp.http.X-Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; sandbox; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-            }\n         }\n     }\n "}], "perc_changed": "0.05%"}, "main": {"total": 3969, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "Class[Profile::Cache::Varnish::Frontend]", "parameters": "--- Class[Profile::Cache::Varnish::Frontend].orig\n+++ Class[Profile::Cache::Varnish::Frontend]\n\n@@\n-    fe_vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None'}\n+    fe_vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'pdf_csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'reporting_endpoints': 'csp-endpoint'}\n"}, {"resource": "Varnish::Wikimedia_vcl[/etc/varnish/upload-frontend.inc.vcl]", "parameters": "--- Varnish::Wikimedia_vcl[/etc/varnish/upload-frontend.inc.vcl].orig\n+++ Varnish::Wikimedia_vcl[/etc/varnish/upload-frontend.inc.vcl]\n\n@@\n-    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n+    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'pdf_csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'reporting_endpoints': 'csp-endpoint', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n"}, {"resource": "File[/usr/share/varnish/tests/upload-frontend.inc.vcl]", "content": "--- /usr/share/varnish/tests/upload-frontend.inc.vcl.orig\n+++ /usr/share/varnish/tests/upload-frontend.inc.vcl\n@@ -580,23 +580,13 @@\n         // Restrict uploads from loading external resources across all of upload.w.o (T117618)\n         // PDFs require object-src: self\n         if ( req.url ~ \"(?i)\\.pdf$\" ) {\n-            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&\";\n+            set resp.http.Reporting-Endpoints = \"csp-endpoint\";\n+            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\";\n             set resp.http.X-Content-Security-Policy-Report-Only = resp.http.Content-Security-Policy-Report-Only;\n         } else {\n-            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&\";\n+            set resp.http.Reporting-Endpoints = \"csp-endpoint\";\n+            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\";\n             set resp.http.X-Content-Security-Policy-Report-Only = resp.http.Content-Security-Policy-Report-Only;\n-        }\n-\n-        // Testwiki now in enforce mode\n-        if (req.url ~ \"^/wikipedia/test\") {\n-            if ( req.url ~ \"(?i)\\.pdf$\" ) {\n-                // PDFs don't like no object-src and sandbox in chrome\n-                set resp.http.Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-                set resp.http.X-Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-            } else {\n-                set resp.http.Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; sandbox; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-                set resp.http.X-Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; sandbox; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-            }\n         }\n     }\n "}, {"resource": "Varnish::Wikimedia_vcl[/usr/share/varnish/tests/upload-frontend.inc.vcl]", "parameters": "--- Varnish::Wikimedia_vcl[/usr/share/varnish/tests/upload-frontend.inc.vcl].orig\n+++ Varnish::Wikimedia_vcl[/usr/share/varnish/tests/upload-frontend.inc.vcl]\n\n@@\n-    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n+    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'pdf_csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'reporting_endpoints': 'csp-endpoint', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n"}, {"resource": "File[/etc/varnish/upload-frontend.inc.vcl]", "content": "--- /etc/varnish/upload-frontend.inc.vcl.orig\n+++ /etc/varnish/upload-frontend.inc.vcl\n@@ -580,23 +580,13 @@\n         // Restrict uploads from loading external resources across all of upload.w.o (T117618)\n         // PDFs require object-src: self\n         if ( req.url ~ \"(?i)\\.pdf$\" ) {\n-            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&\";\n+            set resp.http.Reporting-Endpoints = \"csp-endpoint\";\n+            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\";\n             set resp.http.X-Content-Security-Policy-Report-Only = resp.http.Content-Security-Policy-Report-Only;\n         } else {\n-            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&\";\n+            set resp.http.Reporting-Endpoints = \"csp-endpoint\";\n+            set resp.http.Content-Security-Policy-Report-Only = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\";\n             set resp.http.X-Content-Security-Policy-Report-Only = resp.http.Content-Security-Policy-Report-Only;\n-        }\n-\n-        // Testwiki now in enforce mode\n-        if (req.url ~ \"^/wikipedia/test\") {\n-            if ( req.url ~ \"(?i)\\.pdf$\" ) {\n-                // PDFs don't like no object-src and sandbox in chrome\n-                set resp.http.Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-                set resp.http.X-Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-            } else {\n-                set resp.http.Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; sandbox; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-                set resp.http.X-Content-Security-Policy = \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; sandbox; report-uri https://commons.wikimedia.org/w/api.php?reportonly=0&source=image&action=cspreport&format=json&\";\n-            }\n         }\n     }\n "}, {"resource": "Varnish::Wikimedia_vcl[/usr/share/varnish/tests/wikimedia_upload-frontend.vcl]", "parameters": "--- Varnish::Wikimedia_vcl[/usr/share/varnish/tests/wikimedia_upload-frontend.vcl].orig\n+++ Varnish::Wikimedia_vcl[/usr/share/varnish/tests/wikimedia_upload-frontend.vcl]\n\n@@\n-    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n+    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'pdf_csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'reporting_endpoints': 'csp-endpoint', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n"}, {"resource": "Class[Varnish::Common::Vcl]", "parameters": "--- Class[Varnish::Common::Vcl].orig\n+++ Class[Varnish::Common::Vcl]\n\n@@\n-    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n+    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'pdf_csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'reporting_endpoints': 'csp-endpoint', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n"}, {"resource": "Varnish::Instance[upload-frontend]", "parameters": "--- Varnish::Instance[upload-frontend].orig\n+++ Varnish::Instance[upload-frontend]\n\n@@\n-    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n+    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'pdf_csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'reporting_endpoints': 'csp-endpoint', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n"}, {"resource": "Varnish::Wikimedia_vcl[/etc/varnish/wikimedia_upload-frontend.vcl]", "parameters": "--- Varnish::Wikimedia_vcl[/etc/varnish/wikimedia_upload-frontend.vcl].orig\n+++ Varnish::Wikimedia_vcl[/etc/varnish/wikimedia_upload-frontend.vcl]\n\n@@\n-    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n+    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'pdf_csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'reporting_endpoints': 'csp-endpoint', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n"}, {"resource": "Varnish::Wikimedia_vcl[normalize_path -frontend]", "parameters": "--- Varnish::Wikimedia_vcl[normalize_path -frontend].orig\n+++ Varnish::Wikimedia_vcl[normalize_path -frontend]\n\n@@\n-    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n+    vcl_config => {'purge_host_regex': '^(upload|maps)\\\\.wikimedia\\\\.org$', 'upload_domain': 'upload.wikimedia.org', 'upload_webp_hits_threshold': 100, 'maps_domain': 'maps.wikimedia.org', 'measure_domain_regex': '^measure-(eqiad|codfw|esams|ulsfo|eqsin|drmrs|magru)\\\\.wikimedia\\\\.org$', 'pass_random': False, 'admission_policy': 'exp', 'exp_policy_rate': 0.2, 'exp_policy_base': -20.3, 'large_objects_cutoff': 8388608, 'varnish_probe_ms': 100, 'keep': '1d', 'public_clouds_shutdown': False, 'attack_mode': False, 'differential_privacy': False, 'edge_uniques_same_site': 'None', 'pdf_csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; object-src 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'csp_header': \"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; connect-src https://upload.wikimedia.org/favicon.ico; media-src data: 'self'; report-uri https://commons.wikimedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&; report-to csp_endpoint\", 'reporting_endpoints': 'csp-endpoint', 'req_handling': {'default': {'caching': 'normal'}}, 'alternate_domains': {}, 'fe_mem_gb': 334, 'do_esitest': False, 'beacon_uri_regex': '^/beacon\\\\/(?!event)[^/?]+', 'do_edge_uniques': True, 'edge_uniques_key_path': '/etc/varnish/uniques.d/keys.cfg', 'edge_uniques_cfg_path': '/etc/varnish/uniques.json'}\n"}], "perc_changed": "0.25%"}}}