code.jquery.com lacks IPv6 support

[mgol]

Originally reported by @tambry in jquery/jquery.com#178.

The jQuery CDN code.jquery.com lacks IPv6 addresses and thus resources from it can't be received using IPv6.

The CDN seems to be served by StackPath (previously Highwinds), which has recently gotten IPv6 support, so this should be fixable. For reference, BootstrapCDN also uses StackPath, and they recently enabled IPv6 for their CDN endpoint (stackpath.bootstrapcdn.com).

PS
Apologies if this is the wrong place to report this, but there doesn't seem to be any place to report issues related to code.jquery.com.

[zajdee]

BootstrapCDN has just enabled IPv6. Is it time for jQuery to follow suit now?

[zajdee]

I'm really curious on how to contact someone responsible for configuring the CDN for jQuery.
There's plain silence on the #jquery-infrastructure IRC channel (and it's like that for months, according to the logs).

Based on the last jQuery core meeting minutes, @mgol, @timmywil and @gibson042 have attended a core team meeting. Guys, sorry to bother you, but could you perhaps contact the infrastructure guys and ask them to follow up on this?

Thank you.

[mgol]

@zajdee I forwarded a question to StackPath. Note, though, that we have serious infrastructure team shortages & our setup is a bit rusty so it's not easy to make configuration changes until we sort it out.

[zajdee]

@mgol thank you so much. Is there perhaps something I could do to help the infrastructure team while the team is on shortage? Is there an option of volunteering or any other form of cooperation?

[kborchers]

I have been in touch with StackPath support and they are enabling IPv6 support. They did not provide an ETA but it should be very soon if not already enabled.

[mgol]

@zajdee The problem with the infrastructure team is that by definition it needs access to privileged services and we can't give such access to every person that would like to help. That said, we're in talks with the OpenJS Foundation so that our infrastructure needs get addressed; hopefully it'll get better over time. You can follow openjs-foundation/cross-project-council#285 for updates on that topic; perhaps involved in that issue may better know how to onboard new people to work on infrastructure.

[mgol]

The service should be available via IPv6 now. Please post a comment if that's not the case!

[yh1224]

I tried to access to code.jquery.com by IPv6, but received 403 ERROR!
I can't see some sites now.

[ec2-user@ip-172-31-21-126 ~]$ curl -6 https://code.jquery.com/jquery-3.4.1.min.js -w '%{http_code}\n' -o jquery.min.js
403
[ec2-user@ip-172-31-21-126 ~]$ curl -4 https://code.jquery.com/jquery-3.4.1.min.js -w '%{http_code}\n' -o jquery.min.js
200

[kylev]

From Xfinity in CA, I cannot reproduce @yh1224's result. IPv6 jQuery is working fine in-browser, too.

$ curl -6 https://code.jquery.com/jquery-3.4.1.min.js -w '%{http_code}\n' -o jquery.min.js
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 88145  100 88145    0     0   753k      0 --:--:-- --:--:-- --:--:--  748k
200
$ curl -4 https://code.jquery.com/jquery-3.4.1.min.js -w '%{http_code}\n' -o jquery.min.js
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 88145  100 88145    0     0   845k      0 --:--:-- --:--:-- --:--:--  852k
200

[yh1224]

It works from us-east-1 and us-west-2(AWS).

It fails from Japan(ap-northeast-1).
My address was 2406:da14:331:5601:5200:fd19:e0bd:213c.

[zajdee]

@yh1224 could you please also provide a tcptraceroute6 code.jquery.com 443 towards code.jquery.com?
I have just tested retrieving the file from Europe (CZ), South Africa (ZA, via Hurricane Electric) and Kenya (KE) and there is no issue there. So it might just be a Stackpath CDN misconfiguration in the APAC region.

[yh1224]

@zajdee Here's result.

ubuntu@ip-172-31-25-70:~$ tcptraceroute6 code.jquery.com 443
traceroute to cds.s5x3j6q5.hwcdn.net (2001:4de0:ac18::1:a:3a) from 2406:da14:331:5601:6c4a:4214:cfc1:86b4, port 443, from port 63179, 30 hops max, 60 bytes packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  2400:6500:0:4107:8000:0:6441:b01 (2400:6500:0:4107:8000:0:6441:b01)  33.099 ms  0.371 ms  0.344 ms
 7  2400:6500:0:1::3f (2400:6500:0:1::3f)  0.705 ms  1.370 ms  0.754 ms
 8  * * *
 9  2400:6500:0:1::3b (2400:6500:0:1::3b)  2.772 ms  2.716 ms  2.783 ms
10  * * *
11  * * *
12  2400:6500:0:1::62 (2400:6500:0:1::62)  2.704 ms  2.700 ms  3.768 ms
13  * * *
14  2400:6500:0:1::5d (2400:6500:0:1::5d)  2.837 ms  2.840 ms  2.815 ms
15  2001:de8:c::3:3438:1 (2001:de8:c::3:3438:1)  3.048 ms  3.038 ms  2.981 ms
16  2001:4de0:6310::11 (2001:4de0:6310::11)  2.951 ms  2.960 ms  2.948 ms
17  2001:4de0:ac18::1:a:3a (2001:4de0:ac18::1:a:3a)  2.854 ms [open]  * 2.662 ms [open]
ubuntu@ip-172-31-25-70:~$ tcptraceroute6 code.jquery.com 443
traceroute to cds.s5x3j6q5.hwcdn.net (2001:4de0:ac18::1:a:3b) from 2406:da14:331:5601:6c4a:4214:cfc1:86b4, port 443, from port 63174, 30 hops max, 60 bytes packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  2400:6500:0:4107:8000:0:6441:801 (2400:6500:0:4107:8000:0:6441:801)  0.554 ms  0.413 ms  3.193 ms
 7  2400:6500:0:1::8 (2400:6500:0:1::8)  4.142 ms  2.984 ms  3.019 ms
 8  * * *
 9  2400:6500:0:1::6 (2400:6500:0:1::6)  4.186 ms  6.318 ms  4.023 ms
10  * * *
11  * * *
12  2400:6500:0:1::62 (2400:6500:0:1::62)  4.000 ms  3.954 ms  3.958 ms
13  * * *
14  2400:6500:0:1::5d (2400:6500:0:1::5d)  4.014 ms  4.164 ms  4.921 ms
15  2001:de8:c::3:3438:2 (2001:de8:c::3:3438:2)  4.341 ms  4.393 ms  4.274 ms
16  2001:4de0:6310::12 (2001:4de0:6310::12)  4.034 ms  * 3.910 ms
17  2001:4de0:ac18::1:a:3b (2001:4de0:ac18::1:a:3b)  4.399 ms [open]  * *

[tambry]

@yh1224 What's the output of curl -6 https://code.jquery.com/jquery-3.4.1.min.js -I?

Does fetching files from the BootstrapCDN, which uses the same CDN and infrastructure have the same problem?

[yh1224]

@tambry I can fetch from stackpath.bootstrapcdn.com.

ubuntu@ip-172-31-25-70:~$ curl -6 https://code.jquery.com/jquery-3.4.1.min.js -I
HTTP/1.1 403 Forbidden
Date: Sat, 17 Aug 2019 10:04:17 GMT
Connection: close
Accept-Ranges: bytes
Cache-Control: max-age=10
Content-Length: 0
X-HW: 1566036257.dop038.tk2.t,1566036257.cds038.tk2.shn,1566036257.cds038.tk2.c

ubuntu@ip-172-31-25-70:~$ curl -6 https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js -I
HTTP/2 200
date: Sat, 17 Aug 2019 10:04:54 GMT
accept-ranges: bytes
etag: "1550076057"
content-length: 58072
content-type: text/javascript; charset=utf-8
last-modified: Wed, 13 Feb 2019 16:40:57 GMT
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
access-control-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
timing-allow-origin: *
cache-control: public, max-age=31536000

[zajdee]

Based on the X-HW header, this looks like a content served by a CDN node in Tokyo to me.
From my home location, I have

X-HW: 1566036542.dop142.fr8.t,1566036542.cds078.fr8.shn,1566036542.dop142.fr8.t,1566036542.cds032.fr8.c

Which corresponds to Frankfurt (based on my traceroutes).

Is it therefore possible that this issue is caused by a Tokyo Stackpath CDN node misconfiguration?

[yh1224]

I noticed that it returns 301 redirect response on HTTP(instead of HTTPS).

ubuntu@ip-172-31-25-70:~$ curl -6 http://code.jquery.com/jquery-3.4.1.min.js -I
HTTP/1.1 301 Moved Permanently
Date: Sat, 17 Aug 2019 10:38:58 GMT
Connection: close
Accept-Ranges: bytes
Cache-Control: max-age=0
Content-Length: 109
Content-Type: text/html
Location: http://hwcdn.net/s5x3j6q5/cds/jquery-3.4.1.min.js?dopvhost=code.jquery.com&x-hw-redirect=dop012.tk2.hwcdn.net
X-HW: 1566038338.dop012.tk2.d

ubuntu@ip-172-31-25-70:~$ curl -6 "http://hwcdn.net/s5x3j6q5/cds/jquery-3.4.1.min.js?dopvhost=code.jquery.com&x-hw-redirect=dop012.tk2.hwcdn.net" -I
curl: (6) Could not resolve host: hwcdn.net

ubuntu@ip-172-31-25-70:~$ curl -4 "http://hwcdn.net/s5x3j6q5/cds/jquery-3.4.1.min.js?dopvhost=code.jquery.com&x-hw-redirect=dop012.tk2.hwcdn.net" -I
HTTP/1.1 200 OK
Date: Sat, 17 Aug 2019 10:43:06 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 88145
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 01 May 2019 21:14:27 GMT
Server: nginx
ETag: W/"5cca0c33-15851"
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
X-HW: 1566038586.dop014.la3.t,1566038586.cds016.la3.c

[zajdee]

I don't really speak Japanese, but it seems to be a common problem in your region. That is, it does not look to be a problem of your local configuration. Rather really a CDN misconfiguration.
https://blog.ikunaga.net/entry/code-jquery-com-is-not-loaded/

[zajdee]

I have sent an e-mail to Stackpath NOC (with a link to this issue) as they are the only ones to fix this issue. Not sure if they will accept that e-mail or react to it in any way, but let's see.

[zajdee]

Just got a response from StackPath:
"Thank you for your patience. Our engineers have made some changes so could you please test again and let us know if you still see the issue?"

Please test if the issue persists. I don't actually have any node close to Tokyo to test myself. Thanks!

[yh1224]

@zajdee Looks good. :-)
X-HW changed to la3 from tk2.

ubuntu@ip-172-31-25-70:~$ curl -6 https://code.jquery.com/jquery-3.4.1.min.js -I
HTTP/1.1 200 OK
Date: Mon, 19 Aug 2019 10:26:52 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 88145
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 01 May 2019 21:14:27 GMT
Server: nginx
ETag: W/"5cca0c33-15851"
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
X-HW: 1566210412.dop034.la3.t,1566210412.cds048.la3.shn,1566210412.dop034.la3.t,1566210412.cds016.la3.c

[lrcarvalho]

Hi Guys,

This issue still happening when accessing it from EUA and Brazil. Let me post my response from curls calls:

lrcarvalho@kalabria-2:~$ curl -6 https://code.jquery.com -v --trace-time
08:51:33.330701 * Rebuilt URL to: https://code.jquery.com/
08:51:33.344729 *   Trying 2001:4de0:ac18::1:a:3b...
08:51:33.344771 * TCP_NODELAY set
08:51:33.370828 * Connected to code.jquery.com (2001:4de0:ac18::1:a:3b) port 443 (#0)
08:51:33.371136 * ALPN, offering h2
08:51:33.371214 * ALPN, offering http/1.1
08:51:33.371386 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
08:51:33.381273 * successfully set certificate verify locations:
08:51:33.381321 *   CAfile: /etc/ssl/cert.pem
  CApath: none
08:51:33.381522 * TLSv1.2 (OUT), TLS handshake, Client hello (1):
08:51:33.407434 * TLSv1.2 (IN), TLS handshake, Server hello (2):
08:51:33.409493 * TLSv1.2 (IN), TLS handshake, Certificate (11):
08:51:33.412634 * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
08:51:33.412911 * TLSv1.2 (IN), TLS handshake, Server finished (14):
08:51:33.414163 * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
08:51:33.414199 * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
08:51:33.414276 * TLSv1.2 (OUT), TLS handshake, Finished (20):
08:51:33.439923 * TLSv1.2 (IN), TLS change cipher, Client hello (1):
08:51:33.440123 * TLSv1.2 (IN), TLS handshake, Finished (20):
08:51:33.440422 * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
08:51:33.440485 * ALPN, server did not agree to a protocol
08:51:33.440554 * Server certificate:
08:51:33.440649 *  subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=jquery.org
08:51:33.440724 *  start date: Oct 17 00:00:00 2018 GMT
08:51:33.440788 *  expire date: Oct 16 23:59:59 2020 GMT
08:51:33.441055 *  subjectAltName: host "code.jquery.com" matched cert's "code.jquery.com"
08:51:33.441527 *  issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
08:51:33.441740 *  SSL certificate verify ok.
08:51:33.441905 > GET / HTTP/1.1
08:51:33.441905 > Host: code.jquery.com
08:51:33.441905 > User-Agent: curl/7.54.0
08:51:33.441905 > Accept: */*
08:51:33.441905 >
08:51:33.466628 < HTTP/1.1 403 Forbidden
08:51:33.466670 < Date: Wed, 11 Sep 2019 11:51:33 GMT
08:51:33.466692 < Connection: close
08:51:33.466727 < Accept-Ranges: bytes
08:51:33.466751 < Cache-Control: max-age=10
08:51:33.466775 < Content-Length: 0
08:51:33.466795 < X-HW: 1568202693.dop043.sp3.t,1568202693.cds011.sp3.shn,1568202693.cds011.sp3.c
08:51:33.466817 <
08:51:33.466846 * Closing connection 0
08:51:33.466897 * TLSv1.2 (OUT), TLS alert, Client hello (1):

Any updatrs about this issue?

Thanks.

[zajdee]

I have reopened the issue with StackPath.
@lrcarvalho could you please share your global IPv6 address are you seeing the issue from? This would definitely help. Thanks.

[yh1224]

From Japan, IPv6 unreachable now.

$ curl -6 https://code.jquery.com/jquery-3.4.1.min.js -I
curl: (7) Failed to connect to code.jquery.com port 443: Connection refused

[Krinkle]

Using a VPN through Tokyo:

curl -6 https://code.jquery.com/jquery-3.4.1.min.js -I -v
    Trying ::ffff:209.197.3.24...
[…]
Connected to code.jquery.com (::ffff:209.197.3.24) port 443 (#0)
[…]
> HEAD /jquery-3.4.1.min.js HTTP/1.1
> Host: code.jquery.com
> User-Agent: curl/7.64.1
> Accept: */*
> 

HTTP/1.1 200 OK
Date: Wed, 15 Jul 2020 00:23:26 GMT
Connection: Keep-Alive
Content-Length: 88145
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 01 May 2019 21:14:27 GMT
Accept-Ranges: bytes
Server: nginx
ETag: W/"5cca0c33-15851"
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
X-HW: 1594772606.dop015.tk2.t,1594772606.cds004.tk2.shn,1594772606.cds004.tk2.c

The last segment (dop015.tk2.t) is an edge signal from the Highwinds/StackPath CDN location in Tokyo, Japan.

[Krinkle]

Continuing at #52.