
Proposal: fail explicitly and revoke relevant API keys over plain-text HTTP connection for all Wikimedia APIs
Open, Needs Triage, Public

Description

Rationale: Your API Shouldn't Redirect HTTP to HTTPS (HN thread)

Instead of redirecting API calls from HTTP to HTTPS, make the failure visible. Either disable the HTTP interface altogether, or return a clear HTTP error response and revoke API keys sent over the unencrypted connection.

Doing this has several benefits, like allowing API developers to identify misuse of HTTP connections earlier. It is also mentioned that the Stack Exchange API used to revoke API keys sent over HTTP and return an error message.

In my humble opinion, this article's point is a valid concern. Although this is not a big security hole, it can be implemented as a defense in depth. I posted on wikitech-l some time ago but it didn't receive much attention.

From my observation, all of our current API endpoints (Action API, REST API, RESTBase, Wikimedia Enterprise) automatically redirect HTTP traffic to HTTPS.
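
A sketch of the proposed behaviour as WSGI middleware, added here as an illustration and not taken from the task or from any Wikimedia code base: a plain-HTTP API call gets an explicit error instead of a redirect, and any key it carried is revoked. The class name `RejectPlaintext`, the `revoke` callback, the `KEY_PARAMS` parameter names, the 403 status and the error body are all assumptions.

```python
import json
from urllib.parse import parse_qs

# Hypothetical query parameter names that may carry a credential.
KEY_PARAMS = ("access_token", "api_key")


def presented_keys(environ):
    """Collect credentials sent in the Authorization header or query string."""
    keys = []
    scheme, _, value = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() == "bearer" and value.strip():
        keys.append(value.strip())
    query = parse_qs(environ.get("QUERY_STRING", ""))
    for name in KEY_PARAMS:
        keys.extend(query.get(name, []))
    return keys


def is_plaintext(environ, trust_forwarded_proto=False):
    """True when the client's own hop was plain HTTP.

    X-Forwarded-Proto is honoured only when the deployment guarantees that a
    trusted TLS terminator sets it; otherwise a client could spoof the header.
    """
    if trust_forwarded_proto and "HTTP_X_FORWARDED_PROTO" in environ:
        proto = environ["HTTP_X_FORWARDED_PROTO"].split(",")[0].strip().lower()
        return proto != "https"
    return environ.get("wsgi.url_scheme", "http") != "https"


class RejectPlaintext:
    """Fail plain-HTTP API calls visibly and revoke the keys they exposed."""

    def __init__(self, app, revoke, trust_forwarded_proto=False):
        self.app, self.revoke, self.trust = app, revoke, trust_forwarded_proto

    def __call__(self, environ, start_response):
        if not is_plaintext(environ, self.trust):
            return self.app(environ, start_response)
        keys = presented_keys(environ)
        for key in keys:
            self.revoke(key)  # the key already crossed the network unencrypted
        # Report only a count; never echo the key back over the plaintext channel.
        body = json.dumps({"error": "https_required",
                           "revoked_keys": len(keys)}).encode()
        start_response("403 Forbidden", [("Content-Type", "application/json"),
                                         ("Content-Length", str(len(body)))])
        return [body]
```

Keys sent in a request body are not inspected here; a deployment that accepts them there would need to parse the body before rejecting.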