Page MenuHomePhabricator
Create Task
Maniphest T274596

Investigate why some queryrevision entries in the api-feature-usage log channel seem to be performed as anonymous
Open, Needs TriagePublic
Actions

Description

Split from T274514 (private task), see for instance this logstash entry: it repeats the IP twice, as if the performer was not logged in, but we have reasons to believe they were.

Event Timeline

Daimona created this task.Feb 11 2021, 10:12 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 11 2021, 10:12 PM
Tgr subscribed.Feb 11 2021, 10:28 PM

Maybe it's just HotCat doing a non-credentialed fetch?

Daimona added a comment.Feb 11 2021, 11:09 PM
In T274596#6824901, @Tgr wrote:

Maybe it's just HotCat doing a non-credentialed fetch?

Good point, didn't think about that. There seem to be similar API requests in HotCat, and although I haven't checked deeply, that might be it?

Tgr added a comment.Feb 11 2021, 11:36 PM

At a glance there are two calls, one with $.getJSON, the other by inserting a <script> tag. I think both of those would be credentialed but didn't investigate much.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL