The `/import` and `/delete` endpoints are something you generally don't want to leave exposed to the Internet. At Wikimedia, we've turned these off at the web server layer hoping that it can't be bypassed.
That suffices for now, but I'd like to either integrate this into the software, or embrace it as the recommended practice and advertise/document it here so that other people can learn from it, and also so that it will be taken into account when making changes in the future.
I think as a first step these endpoints should be disabled by default and enabled only when someone explicitly enables them in config, or at least restricted to the 127.0.0.1 address by default.
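One way to implement the default suggested in the comment above, as an added example that is not the project's own code and not part of the thread. The setting names, function names and sample addresses are assumptions made for illustration.

```python
import ipaddress
import posixpath
from urllib.parse import unquote

# Hypothetical setting names (assumptions); both endpoints are off unless enabled.
DEFAULTS = {"import.enabled": False, "delete.enabled": False,
            "admin.allow_remote": False}
SENSITIVE = {"/import": "import.enabled", "/delete": "delete.enabled"}


def is_loopback(remote_addr):
    """True for 127.0.0.0/8, ::1 and IPv4-mapped loopback; False if unparsable."""
    try:
        ip = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return ip.is_loopback


def normalize(path):
    """Decode, collapse slashes and dot segments, lowercase: over-match, fail closed."""
    return posixpath.normpath("/" + unquote(path).lstrip("/")).lower()


def gate(path, remote_addr, config=DEFAULTS):
    """Return (allowed, reason) for one request.

    remote_addr must be the socket peer address, never a forwarded header.
    Behind a same-host reverse proxy every peer is loopback, so the
    web-server rule is still needed in that deployment.
    """
    norm = normalize(path)
    for prefix, key in SENSITIVE.items():
        if norm == prefix or norm.startswith(prefix + "/"):
            if not config.get(key, False):
                return False, "endpoint disabled"
            if not config.get("admin.allow_remote", False) and not is_loopback(remote_addr):
                return False, "non-loopback client"
            return True, "ok"
    return True, "not a gated endpoint"
```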