
Bot throttling: Wikipedia Education Foundation dashboard should set X-Forwarded-For header when editing via API
Open, High, Public

Description

See T110235 for motivation.

On a code level this should be a near-trivial change: whenever sending an OAuth request as a response to a user request (i.e. an action performed on the dashboard), if the user request does not have such a header, set X-Forwarded-For: <user ip>, otherwise just append , <user ip> to it. (Once the tool starts to make scheduled actions or other kinds of OAuth requests which are not direct, immediate responses to user action, things get more hairy.)

Probably requires a legal review / modification of the WikiEdu privacy policy.
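
The header handling described in the task description above, as an added example (not part of the task and not the dashboard's own code). The helper names `outbound_xff` and `normalize_ip` are hypothetical, the sample addresses in the comments are constructed, and dropping malformed entries is an assumption that goes beyond the task's plain append.

```ruby
require 'ipaddr'

# Hypothetical helper: parse one address and return its canonical text form,
# or nil if it is not a bare IPv4/IPv6 address. The strict character check
# rejects CR/LF and anything else that could smuggle a second header line.
def normalize_ip(text)
  s = text.to_s.strip
  return nil unless s.match?(/\A[0-9A-Fa-f:.]+\z/)
  IPAddr.new(s).to_s
rescue IPAddr::Error
  nil
end

# Hypothetical helper: build the X-Forwarded-For value for the outgoing
# OAuth/API request.
#   incoming_xff - X-Forwarded-For of the user's request to the dashboard, or nil
#   peer_ip      - address the user's connection came from, or nil when no
#                  user request is behind the call (e.g. a scheduled action)
# Returns the header value, or nil when no header should be sent.
def outbound_xff(incoming_xff, peer_ip)
  user_ip = normalize_ip(peer_ip)
  return nil if user_ip.nil?

  # The incoming header is user-supplied, so only well-formed addresses are
  # kept (assumption beyond the task text, which appends to it as-is).
  chain = incoming_xff.to_s.split(',').map { |e| normalize_ip(e) }.compact

  # The address the dashboard actually saw always goes last, so a receiver
  # that trusts the dashboard reads it as the rightmost entry.
  (chain + [user_ip]).join(', ')
end

# Constructed sample calls:
#   outbound_xff(nil, '203.0.113.7')            # no header on the user request
#   outbound_xff('198.51.100.2', '203.0.113.7') # existing header, append
#   outbound_xff('198.51.100.2', nil)           # scheduled action, no header
```
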

Event Timeline

Tgr created this task. Aug 25 2015, 10:00 PM
Tgr raised the priority of this task from to Needs Triage.
Tgr updated the task description.
Tgr added subscribers: Tgr, Ragesoss.
Restricted Application added a subscriber: Aklapper. Aug 25 2015, 10:00 PM

Our current privacy policy doesn't have any roadblocks for forwarding the IP to Wikipedia.

I'll get this onto our roadmap soon. Thanks @Tgr.

awight set Security to None.
awight triaged this task as High priority. Nov 30 2015, 9:05 AM
awight added a subscriber: awight.

Bumping priority just for bookkeeping, no urgency to implement, though.

Restricted Application added a subscriber: Base. Nov 30 2015, 9:05 AM
awight renamed this task from Wikipedia Education Foundation dashboard should set X-Forwarded-For header to Wikipedia Education Foundation dashboard should set X-Forwarded-For header when editing via API. Dec 5 2015, 9:01 AM

Could someone imagine mentoring this task in Google Code-in 2015?

@Aklapper I'm not sure how to do this task specifically, but I'm happy to mentor in terms of guiding someone around how this fits into the overall codebase, getting a patch tested, and so on.

Tgr added a comment. Jan 12 2016, 9:39 PM

I can help with the specifics, although there is not much more to it than what's in the task description. Plus a Wikimedia config patch to get WikiEdu on the trusted XFF list.

awight renamed this task from Wikipedia Education Foundation dashboard should set X-Forwarded-For header when editing via API to Bot throttling: Wikipedia Education Foundation dashboard should set X-Forwarded-For header when editing via API. Jan 14 2016, 9:25 AM
Ijon claimed this task. Apr 1 2016, 9:07 AM
Ijon added a subscriber: Ijon.

I'm interested in maybe tackling this.

DStrine removed a subscriber: awight. Oct 31 2016, 2:16 PM
Restricted Application added a subscriber: TerraCodes. Oct 31 2016, 2:16 PM
Ijon removed Ijon as the assignee of this task. Mar 18 2020, 11:36 PM