Page MenuHomePhabricator
Create Task
Maniphest T130695

ACL configuration for url-downloader.wikimedia.org allowing upload.wikimedia.org
Closed, ResolvedPublic
Actions

Description

In T44473, there is a feature request to allow direct transfer from another Wikimedia site to Wikimedia Commons.

In T44473#1198327, @Bawolff wrote:

It would need the acls in the squid config for url-downloader.wikimedia.org to be changed. Someone (@csteipp ?) Would probably need to asses the security risk of such a change.

Related Objects
Search...

View Standalone Graph
This task is connected to more than 200 other tasks. Only direct parents and subtasks are shown here. Use View Standalone Graph to show more of the graph.
StatusSubtypeAssignedTask
· · ·
ResolvedNoneT44473 Allow upload-by-URL from upload.wikimedia.org
ResolvedTTOT130695 ACL configuration for url-downloader.wikimedia.org allowing upload.wikimedia.org
· · ·

Event Timeline

Dereckson created this task.Mar 23 2016, 2:53 AM
Restricted Application added subscribers: Malyacko, JEumerus, Steinsplitter and 2 others. · View Herald TranscriptMar 23 2016, 2:53 AM
Dereckson moved this task from Backlog to Blocked on SRE on the Wikimedia-Site-requests board.Mar 23 2016, 2:53 AM
Dereckson added a parent task: T44473: Allow upload-by-URL from upload.wikimedia.org.
Dereckson renamed this task from Squid configuration for url-downloader.wikimedia.org allowing upload.wikimedia.org to XFF configuration for url-downloader.wikimedia.org allowing upload.wikimedia.org.Mar 23 2016, 2:57 AM
Krenair added a subscriber: Krenair.Mar 23 2016, 11:20 AM
Bawolff renamed this task from XFF configuration for url-downloader.wikimedia.org allowing upload.wikimedia.org to ACL configuration for url-downloader.wikimedia.org allowing upload.wikimedia.org.Mar 29 2016, 9:20 PM
csteipp edited projects, added deprecated-security-team-reviews, Security-Team; removed acl*security.Mar 29 2016, 9:21 PM
Bawolff added a comment.Mar 29 2016, 9:22 PM

For reference, relavent file is templates/url_downloader/squid.conf.erb in operations/puppet

MarcoAurelio added a subscriber: MarcoAurelio.Apr 5 2016, 6:20 PM
fgiunchedi triaged this task as Medium priority.Apr 27 2016, 3:55 PM
dpatrick moved this task from Incoming to Scheduled on the deprecated-security-team-reviews board.Jul 6 2016, 5:15 PM
zhuyifei1999 mentioned this in T142991: Enable "upload by url" feature at zhwiki.Aug 16 2016, 8:11 AM
zhuyifei1999 added a subscriber: zhuyifei1999.
Liuxinyu970226 added a subscriber: Liuxinyu970226.Aug 18 2016, 1:28 AM
Bawolff added a comment.Aug 27 2016, 12:33 AM

[Since I was asked to comment] I personally can't think of any objections to this, however I think this is more a call for ops.

However, faidon in the other bug seems to have objected to copying files via http for internal requests, so if his objection still stands, this is a moot point.

demon added a subscriber: demon.Aug 27 2016, 1:03 AM

I'm not sure it would need a url-downloader configuration change anyway? I thought anything within our own range can be requested directly? eg: gerrit.wikimedia.org doesn't need proxying

TTO closed this task as Resolved.Aug 27 2016, 1:10 AM
TTO claimed this task.

Works for me: https://test.wikipedia.org/wiki/File:Shellfish_COPY_UPLOAD_TEST.jpg

Incidentally, why is the image appearing in the body of the file description page? Some weird config option must be turned on for testwiki...

For the record, though, this can't really be used for a general-purpose commons transfer tool, because it requires the user to have upload-by-url rights on commons, which is restricted to sysops and GLAM people.

Liuxinyu970226 removed a subscriber: Liuxinyu970226.Aug 27 2016, 3:17 AM
Cwek added a subscriber: Cwek.Sep 2 2016, 1:24 AM
In T130695#2587826, @TTO wrote:

Works for me: https://test.wikipedia.org/wiki/File:Shellfish_COPY_UPLOAD_TEST.jpg

Incidentally, why is the image appearing in the body of the file description page? Some weird config option must be turned on for testwiki...

For the record, though, this can't really be used for a general-purpose commons transfer tool, because it requires the user to have upload-by-url rights on commons, which is restricted to sysops and GLAM people.

Does it need report a issue that the image appearing in the body of the file description page?

MarcoAurelio moved this task from Blocked on SRE to Done on the Wikimedia-Site-requests board.Feb 22 2018, 11:30 AM
Malyacko removed a subscriber: Malyacko.Feb 22 2018, 12:00 PM
sbassett moved this task from Incoming to Our Part Is Done on the Security-Team board.Jun 11 2019, 6:59 PM
sbassett moved this task from Scheduled to Done on the deprecated-security-team-reviews board.Jul 9 2019, 8:27 PM
chasemp removed a project: deprecated-security-team-reviews.Jan 8 2020, 4:16 PM
Base added a subscriber: Base.Apr 21 2022, 10:34 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL