Lucas_Werkmeister_WMDE added a comment.
`origin=*` makes the request anonymous. Apparently anonymous users are allowed to shorten URLs (subject to a rate limit), but I think it would be nicer to tie the URLs to the user if they’re logged in. (I’m also surprised at the lack of a CSRF token, but if that’s an issue, it’s outside the scope of this task.) TASK DETAIL https://phabricator.wikimedia.org/T218568 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Lucas_Werkmeister_WMDE Cc: Bawolff, Aklapper, Lucas_Werkmeister_WMDE, alaa_wmde, ET4Eva, Nandana, sbassett, Lahi, Gq86, Darkminds3113, GoranSMilovanovic, Jayprakash12345, QZanden, EBjune, HJiang-WMF, Zoranzoki21, merbst, LawExplorer, Avner, DatGuy, Devwaker, Niklitov, Gehel, _jensen, Urbanecm, rosalieper, JEumerus, Jonas, Ananthsubray, FloNight, Xmlizer, dpatrick, Tulsi_Bhagat, Wong128hk, Luke081515, SimmeD, jkroll, Smalyshev, Wikidata-bugs, Jdouglas, Snowolf, aude, Tobias1984, GWicke, Dcljr, Stype_and_Co.-WMF, Manybubbles, Jalexander, Parent5446, Anomie, Grunny, Jdforrester-WMF, MaxSem, csteipp, Matanya, Mbch331, Rxy, Jay8g, Krenair, Legoktm, chasemp
_______________________________________________ Wikidata-bugs mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
