Page MenuHomePhabricator

Configure API Portal to only send session cookie to its own routes
Closed, ResolvedPublic

Description

We want to make sure that we're not polluting API calls with unrelated cookies. In particular, we don't want a developer who's browsing the API portal to accidentally send the portal session cookie to other API endpoints, which might give weird behaviour.

This is done when:

  • Configure the API Portal wiki so that session cookies are only sent to its specific routes (/wiki/, /w/, /upload/, ...?)