[Labs-l] Full Text Reference Tool: Approved exposing of ip addresses to an external API
Marc-André Pelletier
mpelletier at wikimedia.org
Thu May 29 17:14:54 UTC 2014
On 05/29/2014 12:05 PM, Simon Walker wrote:
> Try $_SERVER['HTTP_X_FORWARDED_FOR'] instead. Note that this is supposed
> to be a list of addresses, not just a single address.
>
That value is (deliberately) stripped on tool labs (though not for labs
projects in general) to allow tool labs tools to fall within the general
Wikimedia privacy policy rather than the less restrictive Labs privacy
policy.
That turns out to be important in the cases where tools are directly
linked (or even embedded) on project pages, where it is important that
endusers do not unwillingly access resources with lower privacy
requirements. Otherwise, our general privacy policy would entirely
disallow embedding and only allow link to tools with an intersitial
disclaimer (which would suck).
-- Marc
More information about the Labs-l
mailing list