Page MenuHomePhabricator

Add *.wmflabs.org to w.wiki shortener
Closed, DeclinedPublic

Event Timeline

Husky created this task.Thu, Aug 29, 7:15 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptThu, Aug 29, 7:15 AM

I oppose using w.wiki domain for shortening labs URLs. Labs does not follow WMF term of use and privacy policy, in particular you can load arbitrary 3rd party script (though this is being phased out) and redirect labs URL to arbitrary external URL.

Since there's some use case for shortening labs URLs, let's make a new domain (probably cs.w.wiki or labs.wiki) which points to an independant labs-hosted service.

I would love if we could use a URL shortener for Wmflabs

Legoktm closed this task as Declined.Sat, Sep 7, 12:43 AM
Legoktm added a subscriber: Legoktm.

It's all but impossible to verify *.wmflabs.org has no open redirects or security issues. Adding it to the whitelist would get rid of the privacy/security promise of w.wiki, in that the destination is trusted. We don't trust *.wmflabs.org in the same way.

I would love if we could use a URL shortener for Wmflabs

Looks like someone once attempted to provide a url shortening service at wmflabs.org: https://tools.wmflabs.org/durl-shortener/. Assuming that wasn't shut down for ToU or security issues, I'd think it'd be fairly trivial to set up such a service under wmflabs.org which only allowed redirects to other wmflabs.org urls. tools.wmflabs.org/tool/shortid isn't quite as nice w.wiki/shortid, but certainly better than the url mentioned within the task description.

@Urbanecm That'd be functionally equivalent in some ways, though seems to have originally been for a different purpose. Also, editing Hiera configs and using the Horizon tool isn't quite as user-friendly as the UI for w.wiki (and most other url shorteners) IMO.

Yeah, but can serve as a start.

sbassett moved this task from Backlog to Done on the Security-Team board.Tue, Sep 10, 4:58 PM