Open
Description
The /import and /delete endpoints are something you generally don't want to leave exposed to the Internet. At Wikimedia, we've turned these off at the web server layer hoping that it can't be bypassed.
That suffices for now, but I'd like to either integrate this into the software, or embrace it as the recommended practice and advertise/document it here so that other people can learn from it, and also so that it will be taken into account when making changes in the future.
Metadata
Metadata
Assignees
Labels
No labels