Page MenuHomePhabricator

Security Review For MediaWiki REST API infrastructure
Open, NormalPublic


Project Information

Description of the tool/project

This is a set of modules in the MediaWiki core platform code for exposing RESTful API interfaces.

Description of how the tool will be used at WMF

The first API will be the Parsoid service API, and the next will be an API exposing the core functionality of MediaWiki. This review is just for the REST API infrastructure, and not for any API interfaces.


None; it's all homegrown code.

Has this project been reviewed before?


Working test environment

Should work with a base MediaWiki installation, with $wgEnableRestAPI enabled.


Core Platform Team will manage post deployment.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 8 2019, 4:21 PM
EvanProdromou renamed this task from Security Review For {...} to Security Review For MediaWiki REST API infrastructure.Aug 8 2019, 4:21 PM
sbassett triaged this task as Normal priority.Aug 8 2019, 4:30 PM
Jcross assigned this task to Reedy.Tue, Aug 20, 5:30 PM
Jcross added a subscriber: Jcross.Tue, Aug 20, 5:33 PM

@Reedy - could you please take a look at this one? Thanks!