Page MenuHomePhabricator
Create Task
Maniphest T357727

Matching gift company search changes required
Open, Needs TriagePublic
Actions

Description

Hep Development, the provider that stores and services all of the participating companies around the Matching Gift program, was acquired by Affinaquest during 2023. Since the acquisition, Affinaquest apprised me of some changes this week which will require that we make changes to the way our donors search for whether their employer participates in the Matching Gift program. Instead of using this web search on the Affinaquest page as we do today on [[ https://donate.wikipedia.org/wiki/Matching_Gifts | name ]]we need to move to an embedded search box on our matching gift page. I have created the search widget for us to embed on https://donate.wikipedia.org/wiki/Matching_Gifts. It is below. Can this change be made as Affinaquest advise that they will be terminating the ability for us to continue to use their page for the look up.

Widget for embedding:
<script src="https://matchbox.hepdata.com/edl/wikimedia_iframe/m00u8ssh/script.js" async></script><div id="edl-template"></div>

Event Timeline

EMartin created this task.Feb 15 2024, 9:29 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 15 2024, 9:29 PM
EMartin updated the task description. (Show Details)Feb 15 2024, 9:29 PM
AKanji-WMF added subscribers: Ejegg, AKanji-WMF.Feb 20 2024, 9:37 PM

Hi @EMartin @RKumar_WMF - there's a question as to whether we will require a security review for the CSP update [h/t @Pcoombe @Ejegg ] - how do we determine whether this does indeed need review?

greg subscribed.Feb 26 2024, 9:18 PM

@Pcoombe do you know when the old stuff will stop working?

EMartin added a comment.Feb 26 2024, 9:31 PM

@greg Affinaquest said sometime in the next year the current search will stop working but they have not published a date. They made it clear they are not updating the current search mechanism/approach going forward from now.

AKanji-WMF moved this task from Triage to TEMP Sprint G on the Fundraising-Backlog board.Apr 1 2024, 8:02 PM

@AKanji-WMF to request security review

AKanji-WMF added a comment.Apr 9 2024, 3:14 PM

When asked about security review, Evelyn didn't think it was required "The donor is searching through a widget for companies that participate in matching. There is no access to our data here."

However, would we need to embed non WMF code that would go against our policies?

Pcoombe added a comment.Apr 9 2024, 3:44 PM

Yes, the code in the task description involves embedding external javascript

AKanji-WMF moved this task from TEMP Sprint G to Triage on the Fundraising-Backlog board.Apr 9 2024, 7:12 PM

@AKanji-WMF to follow up - will require a review (CSP change)

EMartin added a comment.Wed, May 1, 6:49 PM
This comment was removed by EMartin.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL