Page MenuHomePhabricator

Bot throttling: Wikipedia Education Foundation dashboard should set X-Forwarded-For header when editing via API
Open, HighPublic

Description

See T110235 for motivation.

On a code level this should be a near-trivial change: whenever sending an OAuth request as a response to a user request (ie. an action performed on the dashboard), if the user request does not have such a header, set X-Forwarded-For: <user ip>, otherwise just append , <user ip> to it. (Once the tool starts to make scheduled actions or other kinds of OAuth requests which are not direct, immediate responses to user action, things get more hairy.)

Probably requires a legal review / modification of the WikiEdu privacy policy.

Event Timeline

Tgr raised the priority of this task from to Needs Triage.
Tgr updated the task description. (Show Details)
Tgr added subscribers: Tgr, Ragesoss.

Our current privacy policy doesn't have any roadblocks for forwarding the IP to Wikipedia.

I'll get this onto our roadmap soon. Thanks @Tgr.

awight triaged this task as High priority.Nov 30 2015, 9:05 AM
awight subscribed.

Bumping priority just for bookkeeping, no urgency to implement, though.

awight renamed this task from Wikipedia Education Foundation dashboard should set X-Forwarded-For header to Wikipedia Education Foundation dashboard should set X-Forwarded-For header when editing via API.Dec 5 2015, 9:01 AM

Could someone imagine mentoring this task in Google Code-in 2015?

@Aklapper I'm not sure how to do this task specifically, but I'm happy to mentor in terms of guiding someone around how this fits into the overall codebase, getting a patch tested, and so on.

I can help with the specifics, although there is not much more to it than what's in the task description. Plus a Wikimedia config patch to get WikiEdu on the trusted XFF list.

awight renamed this task from Wikipedia Education Foundation dashboard should set X-Forwarded-For header when editing via API to Bot throttling: Wikipedia Education Foundation dashboard should set X-Forwarded-For header when editing via API.Jan 14 2016, 9:25 AM
Ijon subscribed.

I'm interested in maybe tackling this.

Ijon removed Ijon as the assignee of this task.Mar 18 2020, 11:36 PM