Page MenuHomePhabricator
Create Task
Maniphest T135863

Ensure api requests in app are using https before 2016-06-12
Closed, ResolvedPublic
Actions

Description

From the email with subject: [Labs-l] [Labs-announce] IMPORTANT! Insecure (non-HTTPS) API Requests to become unsupported starting 2016-06-12

TL;DR:

  • All access to Wikimedia production sites/APIs should use https://

URLs, not http:// -- your bot/tool will break in the near future if it
does not!

  • 2016-06-12 - insecure access is unsupported; starting on this date

we plan to break (deny with 403) 10% of all insecure requests randomly
as a wake-up call.

  • 2016-07-12 - we plan to break all insecure requests.

Event Timeline

schana created this task.May 20 2016, 6:12 PM
Restricted Application added a subscriber: Zppix. · View Herald TranscriptMay 20 2016, 6:12 PM
leila triaged this task as High priority.Jun 7 2016, 6:44 PM
leila moved this task from Backlog to Next Up on the GapFinder board.
Sabya subscribed.Jun 8 2016, 2:50 AM

I did a quick check. If I open https://recommend.wmflabs.org/, all requests (including XHR, static) are made to https://. So, are we safe?

schana added a comment.Jun 8 2016, 9:53 AM

After looking through https://github.com/wikimedia-research/translation-recs-app/search?utf8=%E2%9C%93&q=api&type=Code (as well as directly grep'ing the code), I think we're only using https.

schana moved this task from Next Up to Done on the GapFinder board.Jun 8 2016, 9:54 AM
schana closed this task as Resolved.Jun 20 2016, 11:06 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL