sbassett added a comment.
In T264822#7183569 <https://phabricator.wikimedia.org/T264822#7183569>, @Ladsgroup wrote:

> Created T285761: Add proper security headers to Query Builder <https://phabricator.wikimedia.org/T285761> for headers.

Sounds good. The defaults for service-template-node <https://github.com/wikimedia/service-template-node/blob/master/app.js#L99-L113> would likely be a good baseline to model.

> Does T276366: Replace vue-cli with vite and webpack with rollup <https://phabricator.wikimedia.org/T276366> mitigate the medium security risk in packaging? If so, we can prioritize it.

Yes! I believe rollup has become somewhat agreed-upon as a less risky alternative to webpack.

> Regarding performance review, I want to mention this will be on wikidata.org but a separate, statically served site (basically something like https://security.wikimedia.org/) and won't have any interaction with mediawiki (beside being in the same high level DNS domain). Do we still need to get performance review for it?

Ok, I just meant that it's something that would be hosted under a production TLD, as stated: "We intend to deploy it as a subpage of the existing Wikidata Query Service at query.wikidata.org". A perf review is never //required// for any production deployment, AIUI, but is strongly recommended in many cases. Again, I'd recommend asking the #performance-team <https://phabricator.wikimedia.org/tag/performance-team/> if they feel it would be a good idea to perform such a review for this codebase, largely as a way to surface any potential DoS-related issues.
TASK DETAIL
  https://phabricator.wikimedia.org/T264822