Allow CommunityConfiguration to load configuration via HTTP
Open, Needs TriagePublic
Actions

Assigned To

None

Authored By

	Urbanecm_WMF
	Aug 9 2025, 10:15 AM

Description

Background

Community Configuration has a concept of configuration stores, which are different ways how configuration can be accessed and/or written. As of writing, Community Configuration only has one store implementation: the wiki page store, which stores configuration within a defined wiki-page.

AbuseFilter has a feature called blocked external domains, which allows administrators to block external domains from being linked on the wikis. This feature is currently implemented without CommunityConfiguration, but a migration is on the way in T393240: Special:BlockedExternalDomains should make use of Community Configuration. In the parent task (T401524), the global blacklist (https://meta.wikimedia.org/wiki/Spam_blacklist) should be converted to also use blocked external domains.

Problem

Conceptually, global blocked external domains is a feature that falls within Community Configuration's remit as well. Ordinarily (without CC), it would be implemented by making an internal API request to a central wiki, which would hold the list, and feed it to all the client wikis.

However, it currently cannot be implemented via CC, because Community Configuration cannot access configuration via HTTP. Within this task, we should implement that as another store.

Notes

There is a PoC patch available at https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CommunityConfiguration/+/1031010, which was previously considered for T359185.

Details

Related Changes in Gerrit:

	Subject	Repo	Branch	Lines +/-
	Introduce HttpStore	mediawiki/extensions/CommunityConfiguration	master	+174 -0

Customize query in gerrit

Related Objects
Search...

Status	Subtype	Assigned	Task
Resolved		None	T254646 Reconsidering how we name things
Open		None	T281536 Schema:EditAttemptStep uses non-inclusive language.
Open		None	T279275 Move all the functionality of {Spam,Title}Blacklist extensions into AbuseFilter and retire them
Open	Feature	None	T47747 Create a tool like SpamBlacklist in AbuseFilter
Open		None	T265163 Create a system to encode best practices into editing experiences
Open		None	T255502 Goal: Save Timing median back under 1 second
Open		Ladsgroup	T337431 Rework MediaWiki:SpamBlacklist
Open		None	T401524 Convert global spam blacklist into Special:BlockedExternalDomains
Open		None	T401525 Allow CommunityConfiguration to load configuration via HTTP

Event Timeline

Urbanecm_WMF created this task.Aug 9 2025, 10:15 AM

Restricted Application added a project: Growth-Team. · View Herald TranscriptAug 9 2025, 10:15 AM

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

Change #1176763 had a related patch set uploaded (by Urbanecm; author: Urbanecm):

[mediawiki/extensions/CommunityConfiguration@master] Introduce HttpStore

https://gerrit.wikimedia.org/r/1176763

gerritbot added a project: Patch-For-Review.Aug 9 2025, 12:05 PM

Aklapper moved this task from Backlog to Hacking Projects on the Wikimania-Hackathon-2025 board.Aug 12 2025, 8:43 PM

Would that imply that CC would make an (internal?) HTTP request during every read view? How is that global list currently being distributed?

While I understand that the wiki that holds the config wants to edit it via CommunityConfiguration, does the reading from the client-wikis also have to happen via CommunityConfiguration? An alternative implementation could be that the extension (which? AbuseFilter?) in client wikis use custom logic to talk to an api-endpoint that the extension provides on the central wiki, and that then makes a local read on its CommunityConfiguration config.

DMburugu moved this task from Needs Discussion to Triaged on the Growth-Team board.Oct 2 2025, 4:13 PM

Allow CommunityConfiguration to load configuration via HTTPOpen, Needs TriagePublicActions