Make abusefilter on foundationwiki to prevent people accidentally violating our privacy policy
Closed, ResolvedPublic


Its been suggested we should make an abusefilter banning adding external scripts to foundationwiki to prevent employees from accidentally violating privacy policy.

Other alternatives is enabling CSP whenever that becomes ready.

Bawolff created this task.Mar 1 2017, 10:04 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 1 2017, 10:04 PM
Bawolff closed this task as Resolved.Mar 1 2017, 10:56 PM
Bawolff assigned this task to ArielGlenn.
Bawolff changed the visibility from "Custom Policy" to "Public (No Login Required)".Mar 5 2017, 10:10 PM

Change 341259 had a related patch set uploaded (by bawolff):
[operations/mediawiki-config] Add a CSP policy to foundationwiki to prevent privacy breach

Wouldn't [^>]* have been cleaner?

Wouldn't [^>]* have been cleaner?

Sometimes a close tag is missing before the next open tag. I don't care too much one way or the other though.

Change 341259 merged by jenkins-bot:
[operations/mediawiki-config] Add a CSP policy to foundationwiki to prevent privacy breach

Mentioned in SAL (#wikimedia-operations) [2017-03-06T14:37:16Z] <addshore@tin> Synchronized wmf-config/CommonSettings.php: SWAT: [[gerrit:341259|Add a CSP policy to foundationwiki to prevent privacy breach]] T159386 (duration: 00m 39s)

Bawolff added a comment.EditedMar 12 2017, 7:30 PM

Hmm. Looks like the testing CSP policy would block the mobile tracking beacon since is not a valid img-src when viewing from [Or what I'm assuming is the beacon, could be something else]