
Allow urlshortener for a selection of third-level domains from wmcloud.org and toolforge.org
Closed, Resolved (Public)

Description

I find myself wanting to use urlshortener to share wmcs operational services links, for example prometheus.wmcloud.org or grafana.wmcloud.org. Allowing *.wmcloud.org was rightfully declined in T231518: Add *.wmflabs.org to w.wiki shortener, and I'm wondering if we could instead allow a subset of well-known third level domains, e.g. (please edit at will)

  • prometheus.wmcloud.org
  • prometheus-alerts.wmcloud.org
  • grafana.wmcloud.org
  • prometheus.svc.toolforge.org

Let me know what you think!

Event Timeline

The Cloud-Services project tag is not intended to have any tasks. Please check the list on https://phabricator.wikimedia.org/project/profile/832/ and replace it with a more specific project tag to this task. Thanks!

sbassett changed the task status from Open to In Progress. Jan 26 2026, 5:24 PM
sbassett assigned this task to aranyap.
sbassett triaged this task as Medium priority.
sbassett moved this task from Incoming to In Progress on the Privacy Engineering board.

From a privacy perspective, this proposal appears low risk. The request is limited to a small, explicit set of known WMCS operational services and avoids wildcard domains or user-controlled Toolforge tools, which were the primary privacy concerns in prior discussions.

URL shortening does not introduce new data collection or processing, but it does increase ease of sharing and visibility. This assessment assumes that the listed services do not expose personal data and already have appropriate access controls in place.

One adjacent consideration to flag is that any domains added to the allow-list should be reviewed to ensure they do not permit open redirects, as shortened links could otherwise be used to obscure the final destination and facilitate spam or malicious links.

Provided the allow-list remains tightly scoped, limited to infrastructure-owned services, and subject to appropriate domain hygiene (e.g., no open redirects), I do not see a major privacy concern with this.

I'm going to go ahead and close this ticket, please feel free to reopen if you have any questions.
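
The review above turns on two checks: the allow-list names exact hosts rather than a wildcard, and links on those hosts should not forward off-site. The sketch below is an added example, not part of the thread, the UrlShortener extension, or the merged change. It applies both checks to the four hosts from the task description, and the `classify` function, the https-only rule, and the query-string heuristic are assumptions of this example.

```python
from urllib.parse import parse_qsl, urlsplit

# The four hosts proposed in the task description.
ALLOWED_HOSTS = frozenset({
    "prometheus.wmcloud.org",
    "prometheus-alerts.wmcloud.org",
    "grafana.wmcloud.org",
    "prometheus.svc.toolforge.org",
})


def _host(url):
    """Hostname of url (lowercased by urlsplit), or None if absent or malformed."""
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None


def classify(url):
    """Return 'allow', 'review:<why>' or 'reject:<why>' for a URL to be shortened."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return "reject:malformed"
    if parts.scheme != "https":  # assumption: only https links are shortened
        return "reject:scheme"
    if parts.username is not None or parts.password is not None:
        return "reject:userinfo"  # the real host is whatever follows the '@'
    if port not in (None, 443):
        return "reject:port"
    if parts.hostname not in ALLOWED_HOSTS:  # exact match, no suffix or wildcard
        return "reject:host"
    # Heuristic for the open-redirect concern: a query value that is itself a
    # URL pointing off the allow-list means the endpoint needs a manual look.
    for _key, value in parse_qsl(parts.query, keep_blank_values=True):
        inner = _host(value)
        if inner is not None and inner not in ALLOWED_HOSTS:
            return "review:offsite-url-in-query"
    return "allow"


if __name__ == "__main__":
    # Constructed sample inputs; example.net is a placeholder host.
    for sample in ("https://grafana.wmcloud.org/d/abc?orgId=1",
                   "https://other.wmcloud.org/",
                   "https://grafana.wmcloud.org/login?redirect=https://example.net/x"):
        print(classify(sample), sample)
```

The `review` result only flags a link for inspection; whether a given endpoint actually redirects still has to be confirmed against the service itself.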

aranyap moved this task from In Progress to Completed on the Privacy Engineering board.
JJMC89 removed aranyap as the assignee of this task.
JJMC89 subscribed.

The ticket needs to remain open for implementation.

Change #1238291 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/mediawiki-config@master] Allow a selection of third-level wmcloud/toolforge domains for UrlShortener

https://gerrit.wikimedia.org/r/1238291

See also T231518#5729426 for previous consideration on a domain level instead.

Change #1238291 merged by jenkins-bot:

[operations/mediawiki-config@master] Allow a selection of third-level wmcloud/toolforge domains for UrlShortener

https://gerrit.wikimedia.org/r/1238291

Mentioned in SAL (#wikimedia-operations) [2026-02-12T11:05:23Z] <reedy@deploy2002> Started scap sync-world: Backport for [[gerrit:1238291|Allow a selection of third-level wmcloud/toolforge domains for UrlShortener (T413211)]], [[gerrit:1239025|CommonSettings: Temporarily set $wgOATHUserHandlesTable = true (T416544)]]

Mentioned in SAL (#wikimedia-operations) [2026-02-12T11:07:31Z] <reedy@deploy2002> filippo, reedy: Backport for [[gerrit:1238291|Allow a selection of third-level wmcloud/toolforge domains for UrlShortener (T413211)]], [[gerrit:1239025|CommonSettings: Temporarily set $wgOATHUserHandlesTable = true (T416544)]] synced to the testservers (see https://wikitech.wikimedia.org/wiki/Mwdebug). Changes can now be verified there.

Mentioned in SAL (#wikimedia-operations) [2026-02-12T11:12:12Z] <reedy@deploy2002> Finished scap sync-world: Backport for [[gerrit:1238291|Allow a selection of third-level wmcloud/toolforge domains for UrlShortener (T413211)]], [[gerrit:1239025|CommonSettings: Temporarily set $wgOATHUserHandlesTable = true (T416544)]] (duration: 06m 48s)

fgiunchedi claimed this task.
fgiunchedi added a subscriber: Reedy.

This is done -- thank you all for the reviews and @Reedy for the deploy