Page MenuHomePhabricator

Wikimedia Commons Query Service should use Wikimedia url shortener instead of tinyurl
Open, Needs TriagePublic

Description

I wondered why https://tinyurl.com/y4myl8z6 was shared instead of a link like https://w.wiki/rL . Turns out the prototype uses tinyurl. Should probably switched at some point. Not sure how to deal with the temporary domain https://wcqs-beta.wmflabs.org and the final domain. Maybe just do a search replace on the our tinyurl database later when the final domain becomes available?

Event Timeline

Yes, if it goes to *.wikmedia.org or *.commons.org, it'll be shortable in short url but *.wmflabs.org is not among the allowed domain list for security reasons (hiding XSS through open redirects, etc.)

Yes, if it goes to *.wikmedia.org or *.commons.org, it'll be shortable in short url but *.wmflabs.org is not among the allowed domain list for security reasons (hiding XSS through open redirects, etc.)

Can't we just put "wcqs-beta.wmflabs.org" on the whitelist? I agree putting *.wmflabs.org on the whitelist isn't such a good idea, but just one subdomain shouldn't be a problem.

Can't we just put "wcqs-beta.wmflabs.org" on the whitelist? I agree putting *.wmflabs.org on the whitelist isn't such a good idea, but just one subdomain shouldn't be a problem.

That's technically possible. I'd ask security to sign it off before applying it but shouldn't be too hard.

I would really rather not do that. This is a beta service – I think putting it on the official URL shortener whitelist, or even considering to rewrite shortened URLs(!), gives it an undeserved appearance of being more stable than it’s really meant to be.

I would really rather not do that. This is a beta service – I think putting it on the official URL shortener whitelist, or even considering to rewrite shortened URLs(!), gives it an undeserved appearance of being more stable than it’s really meant to be.

Being able to share queries is an integral part of beta. If you don't agree with that, speak up. So being able to do that should be supported in a proper way as part of the beta. Tinyurl is still blacklisted so sharing is painful now.

What about url shortener of beta? It's something like w-beta.wmflabs.org/x12 (it's broken currently but I can fix it).

I would really rather not do that. This is a beta service – I think putting it on the official URL shortener whitelist, or even considering to rewrite shortened URLs(!), gives it an undeserved appearance of being more stable than it’s really meant to be.

Being able to share queries is an integral part of beta. If you don't agree with that, speak up. So being able to do that should be supported in a proper way as part of the beta. Tinyurl is still blacklisted so sharing is painful now.

I never said being able to share queries was not important…? But TinyURL works well enough – not as well as w.wiki, but well enough that I don’t think compromising the integrity of w.wiki is a worthwhile tradeoff.

Jheald added a subscriber: Jheald.Sat, Aug 1, 3:15 PM

In some ways it's quite nice that WCQS uses tinyurl rather than the w.wiki shortener -- at least it means there is not such a limit on how long the query can be. (T220703).

Perhaps we could revert WDQS to use tinyurl again, too ?

In some ways it's quite nice that WCQS uses tinyurl rather than the w.wiki shortener -- at least it means there is not such a limit on how long the query can be. (T220703).

Perhaps we could revert WDQS to use tinyurl again, too ?

You can't link to tinyurl in Wikidata/Wikipedia as it's blacklisted. The fact that you disagreed with a decision (which I agreed with you), doesn't mean we should ditch the whole tool in favor of third parties harvesting user's data.

Nikki added a subscriber: Nikki.Tue, Aug 4, 7:57 AM