Page MenuHomePhabricator

Add * to shortener
Closed, DeclinedPublic

Event Timeline

Husky created this task.Aug 29 2019, 7:15 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 29 2019, 7:15 AM

I oppose using domain for shortening labs URLs. Labs does not follow WMF term of use and privacy policy, in particular you can load arbitrary 3rd party script (though this is being phased out) and redirect labs URL to arbitrary external URL.

Since there's some use case for shortening labs URLs, let's make a new domain (probably or which points to an independant labs-hosted service.

I would love if we could use a URL shortener for Wmflabs

Legoktm closed this task as Declined.Sep 7 2019, 12:43 AM
Legoktm added a subscriber: Legoktm.

It's all but impossible to verify * has no open redirects or security issues. Adding it to the whitelist would get rid of the privacy/security promise of, in that the destination is trusted. We don't trust * in the same way.

I would love if we could use a URL shortener for Wmflabs

Looks like someone once attempted to provide a url shortening service at Assuming that wasn't shut down for ToU or security issues, I'd think it'd be fairly trivial to set up such a service under which only allowed redirects to other urls. isn't quite as nice, but certainly better than the url mentioned within the task description.

@Urbanecm That'd be functionally equivalent in some ways, though seems to have originally been for a different purpose. Also, editing Hiera configs and using the Horizon tool isn't quite as user-friendly as the UI for (and most other url shorteners) IMO.

Yeah, but can serve as a start.

sbassett moved this task from Backlog to Done on the Security-Team board.Sep 10 2019, 4:58 PM