
outreachdashboard.wmflabs.org violates Labs ToS by loading Vega from cdnjs.cloudflare.com
Closed, Resolved · Public

Description

Similar to T210946: outreachdashboard.wmflabs.org violates Labs ToS:

Going to https://outreachdashboard.wmflabs.org/explore and looking at the HTML source, you can see the following lines:

<script charset='utf-8' src='//cdnjs.cloudflare.com/ajax/libs/vega/4.2.0/vega.min.js'></script>
<script charset='utf-8' src='//cdnjs.cloudflare.com/ajax/libs/vega-embed/3.20.0/vega-embed.min.js'></script>

See https://wikitech.wikimedia.org/wiki/Wikitech:Cloud_Services_Terms_of_use point #6.
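
A check for the condition this task reports, as an added example (not part of the original task or of the WikiEduDashboard code): it parses a page's HTML and lists every resource the browser would fetch from a host other than the page's own. The function names and the `allowed_hosts` parameter are hypothetical, and the sample HTML is constructed around the two script tags quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute whose URL the browser fetches while rendering the page.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}
# <link> only triggers a fetch for these rel values (rel=canonical does not).
FETCHING_RELS = {"stylesheet", "icon", "preload", "modulepreload"}


class _Finder(HTMLParser):
    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        self.allowed = {urlsplit(page_url).hostname, *allowed_hosts}
        self.external = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(FETCH_ATTRS.get(tag, ""))
        if not url:
            return
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not FETCHING_RELS & rels:
            return
        # urljoin resolves protocol-relative ("//host/path") and relative URLs.
        absolute = urljoin(self.page_url, url.strip())
        host = urlsplit(absolute).hostname  # None for data: URIs
        if host and host not in self.allowed:
            self.external.append((tag, absolute))


def find_external_resources(html, page_url, allowed_hosts=()):
    """Return [(tag, absolute_url)] for resources loaded from other hosts."""
    finder = _Finder(page_url, allowed_hosts)
    finder.feed(html)
    finder.close()
    return finder.external


# Constructed sample: the two script tags from the task plus local resources.
PAGE_URL = "https://outreachdashboard.wmflabs.org/explore"
SAMPLE_HTML = """
<link rel='canonical' href='https://example.org/explore'>
<link rel='stylesheet' href='/assets/main.css'>
<script charset='utf-8' src='//cdnjs.cloudflare.com/ajax/libs/vega/4.2.0/vega.min.js'></script>
<script charset='utf-8' src='//cdnjs.cloudflare.com/ajax/libs/vega-embed/3.20.0/vega-embed.min.js'></script>
<script src='/assets/main.js'></script>
<img src='data:image/png;base64,AAAA'>
"""

if __name__ == "__main__":
    for tag, url in find_external_resources(SAMPLE_HTML, PAGE_URL):
        print(f"external <{tag}>: {url}")
```
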

Event Timeline

Aklapper created this task. Dec 28 2019, 3:23 PM
Restricted Application added a subscriber: Base. Dec 28 2019, 3:23 PM
Ragesoss claimed this task. Dec 31 2019, 8:12 PM
sbassett triaged this task as High priority. Jan 2 2020, 5:11 PM
sbassett added a project: Security-Team.
sbassett moved this task from Incoming to Watching on the Security-Team board.
Ragesoss closed this task as Resolved. Jan 2 2020, 8:15 PM

Fixed via https://github.com/WikiEducationFoundation/WikiEduDashboard/commit/613611c324338b82d44c5cfe93c109b4b4f8b357

I've deployed this change, so it's no longer loading the Vega libraries from the CDN.

chasemp added a subscriber: chasemp. Jan 2 2020, 8:20 PM

Thanks @Ragesoss hope you are having a good new year so far :)