Hi,
thanks for providing this brilliant map service. I'd like to use it in a third-party application (a website), in accordance with the terms of use. I am sorry if this has been asked before, I tried to check the last couple months of the mailing list, but couldn't find anything related.
For privacy reasons, the website uses the no-referrer policy. While I think sharing a referrer with Wikimedia is alright, my website allows browsing OSM data, including links to the websites set in OSM, and I don't trust these websites with a referrer. Unfortunately, the referrer policy does not allow fine-grained configuration, it's a global on/off switch. Changing the user agent in a browser is considered a hack, and while it might work, it can break other third-party tools and could break with every browser update or when using an uncommon browser.
So I was wondering if you would consider a third method of authorization, like a query parameter that can be added to the url like `?referrer= example.com&contact=mail@example.com`? I think this could help people to use your service in accordance to the terms of use.
Thanks in advance, Robin
Hi Robin,
Thanks for reaching out. Have you considered using the referrer policy controls available in the fetch API https://googlechrome.github.io/samples/fetch-api/fetch-referrer-policy.html, or is there some reason those won't work for your use case?
Best, Michael
On Mon, Nov 26, 2018 at 11:09 AM Robin Boldt boldtrn@web.de wrote:
Hi,
thanks for providing this brilliant map service. I'd like to use it in a third-party application (a website), in accordance with the terms of use. I am sorry if this has been asked before, I tried to check the last couple months of the mailing list, but couldn't find anything related.
For privacy reasons, the website uses the no-referrer policy. While I think sharing a referrer with Wikimedia is alright, my website allows browsing OSM data, including links to the websites set in OSM, and I don't trust these websites with a referrer. Unfortunately, the referrer policy does not allow fine-grained configuration, it's a global on/off switch. Changing the user agent in a browser is considered a hack, and while it might work, it can break other third-party tools and could break with every browser update or when using an uncommon browser.
So I was wondering if you would consider a third method of authorization, like a query parameter that can be added to the url like `?referrer= example.com&contact=mail@example.com`? I think this could help people to use your service in accordance to the terms of use.
Thanks in advance, Robin _______________________________________________ Maps-l mailing list Maps-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/maps-l
Hi Michael,
thanks for getting back to me. Using the fetch API is a great idea and it might be possible to use in my case. Right now we don't use service workers, but I think it might be possible.
Regarding my initial request, is there a way we could an alternative to refferer and useragent to wikimedia maps like query parameters? I think it's not only me who struggles with this, I know several map libraries that don't easily allow to change the user-agent or referrer. If this is something you would consider, I'd be happy to have a look and see if I can contribute the relevant changes. Is this part open source? I had a look at the kartotherian https://github.com/kartotherian/ org but couldn't identify the relevant part.
Thanks, Robin
On Fri, Nov 30, 2018 at 7:15 PM Michael Holloway mholloway@wikimedia.org wrote:
Hi Robin,
Thanks for reaching out. Have you considered using the referrer policy controls available in the fetch API https://googlechrome.github.io/samples/fetch-api/fetch-referrer-policy.html, or is there some reason those won't work for your use case?
Best, Michael
On Mon, Nov 26, 2018 at 11:09 AM Robin Boldt boldtrn@web.de wrote:
Hi,
thanks for providing this brilliant map service. I'd like to use it in a third-party application (a website), in accordance with the terms of use. I am sorry if this has been asked before, I tried to check the last couple months of the mailing list, but couldn't find anything related.
For privacy reasons, the website uses the no-referrer policy. While I think sharing a referrer with Wikimedia is alright, my website allows browsing OSM data, including links to the websites set in OSM, and I don't trust these websites with a referrer. Unfortunately, the referrer policy does not allow fine-grained configuration, it's a global on/off switch. Changing the user agent in a browser is considered a hack, and while it might work, it can break other third-party tools and could break with every browser update or when using an uncommon browser.
So I was wondering if you would consider a third method of authorization, like a query parameter that can be added to the url like `?referrer= example.com&contact=mail@example.com`? I think this could help people to use your service in accordance to the terms of use.
Thanks in advance, Robin _______________________________________________ Maps-l mailing list Maps-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/maps-l
Maps-l mailing list Maps-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/maps-l
On Sun, Dec 2, 2018 at 12:47 PM Robin Boldt boldtrn@web.de wrote:
Hi Michael,
thanks for getting back to me. Using the fetch API is a great idea and it might be possible to use in my case. Right now we don't use service workers, but I think it might be possible.
Regarding my initial request, is there a way we could an alternative to refferer and useragent to wikimedia maps like query parameters? I think it's not only me who struggles with this, I know several map libraries that don't easily allow to change the user-agent or referrer. If this is something you would consider, I'd be happy to have a look and see if I can contribute the relevant changes. Is this part open source? I had a look at the kartotherian org but couldn't identify the relevant part.
The policy requesting the use of referer is not technically enforced, so you won't find any references to it in code. Having referer information helps us understand where our traffic comes from and in case of issue from one particular source, it allows us to block only that source until the issues are resolved. We want our services to be as widely available as possible, but we need to balance that with the need to protect our services from abuse.
I hope that helps understand the context a bit.
Good luck!
Guillaume
Thanks, Robin
On Fri, Nov 30, 2018 at 7:15 PM Michael Holloway mholloway@wikimedia.org wrote:
Hi Robin,
Thanks for reaching out. Have you considered using the referrer policy controls available in the fetch API, or is there some reason those won't work for your use case?
Best, Michael
On Mon, Nov 26, 2018 at 11:09 AM Robin Boldt boldtrn@web.de wrote:
Hi,
thanks for providing this brilliant map service. I'd like to use it in a third-party application (a website), in accordance with the terms of use. I am sorry if this has been asked before, I tried to check the last couple months of the mailing list, but couldn't find anything related.
For privacy reasons, the website uses the no-referrer policy. While I think sharing a referrer with Wikimedia is alright, my website allows browsing OSM data, including links to the websites set in OSM, and I don't trust these websites with a referrer. Unfortunately, the referrer policy does not allow fine-grained configuration, it's a global on/off switch. Changing the user agent in a browser is considered a hack, and while it might work, it can break other third-party tools and could break with every browser update or when using an uncommon browser.
So I was wondering if you would consider a third method of authorization, like a query parameter that can be added to the url like `?referrer=example.com&contact=mail@example.com`? I think this could help people to use your service in accordance to the terms of use.
Thanks in advance, Robin _______________________________________________ Maps-l mailing list Maps-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/maps-l
Maps-l mailing list Maps-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/maps-l
Maps-l mailing list Maps-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/maps-l
Hi Guillaume,
thanks for the fast reply. This indeed helps to better understand the context. I will have a look at service workers and the fetch API then.
Sorry that I am so persistent about this. I think it would help to make your maps available to a wider audience, if you would allow an alternative to provide source and contact information to the request, as it is often easier to modify query parameters than modifying HTTP headers.
Thanks, Robin
On Sun, Dec 2, 2018 at 12:55 PM Guillaume Lederrey glederrey@wikimedia.org wrote:
On Sun, Dec 2, 2018 at 12:47 PM Robin Boldt boldtrn@web.de wrote:
Hi Michael,
thanks for getting back to me. Using the fetch API is a great idea and
it might be possible to use in my case. Right now we don't use service workers, but I think it might be possible.
Regarding my initial request, is there a way we could an alternative to
refferer and useragent to wikimedia maps like query parameters? I think it's not only me who struggles with this, I know several map libraries that don't easily allow to change the user-agent or referrer. If this is something you would consider, I'd be happy to have a look and see if I can contribute the relevant changes. Is this part open source? I had a look at the kartotherian org but couldn't identify the relevant part.
The policy requesting the use of referer is not technically enforced, so you won't find any references to it in code. Having referer information helps us understand where our traffic comes from and in case of issue from one particular source, it allows us to block only that source until the issues are resolved. We want our services to be as widely available as possible, but we need to balance that with the need to protect our services from abuse.
I hope that helps understand the context a bit.
Good luck!
GuillaumeThanks, Robin
On Fri, Nov 30, 2018 at 7:15 PM Michael Holloway <
mholloway@wikimedia.org> wrote:
Hi Robin,
Thanks for reaching out. Have you considered using the referrer policy
controls available in the fetch API, or is there some reason those won't work for your use case?
Best, Michael
On Mon, Nov 26, 2018 at 11:09 AM Robin Boldt boldtrn@web.de wrote:
Hi,
thanks for providing this brilliant map service. I'd like to use it in
a third-party application (a website), in accordance with the terms of use. I am sorry if this has been asked before, I tried to check the last couple months of the mailing list, but couldn't find anything related.
For privacy reasons, the website uses the no-referrer policy. While I
think sharing a referrer with Wikimedia is alright, my website allows browsing OSM data, including links to the websites set in OSM, and I don't trust these websites with a referrer. Unfortunately, the referrer policy does not allow fine-grained configuration, it's a global on/off switch. Changing the user agent in a browser is considered a hack, and while it might work, it can break other third-party tools and could break with every browser update or when using an uncommon browser.
So I was wondering if you would consider a third method of
authorization, like a query parameter that can be added to the url like `?referrer=example.com&contact=mail@example.com`? I think this could help people to use your service in accordance to the terms of use.
Thanks in advance, Robin _______________________________________________ Maps-l mailing list Maps-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/maps-l
Maps-l mailing list Maps-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/maps-l
Maps-l mailing list Maps-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/maps-l
-- Guillaume Lederrey Operations Engineer, Search Platform Wikimedia Foundation UTC+1 / CET
Maps-l mailing list Maps-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/maps-l
On Sun, Dec 2, 2018 at 1:08 PM Robin Boldt boldtrn@web.de wrote:
Hi Guillaume,
thanks for the fast reply. This indeed helps to better understand the context. I will have a look at service workers and the fetch API then.
Sorry that I am so persistent about this. I think it would help to make your maps available to a wider audience, if you would allow an alternative to provide source and contact information to the request, as it is often easier to modify query parameters than modifying HTTP headers.
Please, be persistent! That's how we learn about the different needs and how we might address them at some point.
That being said, this is much larger than just maps. We have similar policies on all our services. So any change needs to be discussed in a wider forum than just the maps list. The standard to expose referrer information is (obviously) the Referer HTTP header, so that's what we use. Feel free to open a phabricator task to start a larger discussion.
Also note that the referrer-policy [2] offers some control over what a browser will publish. In particular, any or all of:
<meta name="referrer" content="origin"/> <meta name="referrer" content="origin-when-crossorigin"/> <meta name="referrer" content="origin-when-cross-origin"/>
might make sense in your context (I don't know much about your context, so this might or might not apply).
Thanks for challenging the status quo!
Guillaume
[1] https://phabricator.wikimedia.org/maniphest/task/edit/form/1/ [2] https://www.w3.org/TR/referrer-policy/
Thanks, Robin
On Sun, Dec 2, 2018 at 12:55 PM Guillaume Lederrey glederrey@wikimedia.org wrote:
On Sun, Dec 2, 2018 at 12:47 PM Robin Boldt boldtrn@web.de wrote:
Hi Michael,
thanks for getting back to me. Using the fetch API is a great idea and it might be possible to use in my case. Right now we don't use service workers, but I think it might be possible.
Regarding my initial request, is there a way we could an alternative to refferer and useragent to wikimedia maps like query parameters? I think it's not only me who struggles with this, I know several map libraries that don't easily allow to change the user-agent or referrer. If this is something you would consider, I'd be happy to have a look and see if I can contribute the relevant changes. Is this part open source? I had a look at the kartotherian org but couldn't identify the relevant part.
The policy requesting the use of referer is not technically enforced, so you won't find any references to it in code. Having referer information helps us understand where our traffic comes from and in case of issue from one particular source, it allows us to block only that source until the issues are resolved. We want our services to be as widely available as possible, but we need to balance that with the need to protect our services from abuse.
I hope that helps understand the context a bit.
Good luck!
GuillaumeThanks, Robin
On Fri, Nov 30, 2018 at 7:15 PM Michael Holloway mholloway@wikimedia.org wrote:
Hi Robin,
Thanks for reaching out. Have you considered using the referrer policy controls available in the fetch API, or is there some reason those won't work for your use case?
Best, Michael
On Mon, Nov 26, 2018 at 11:09 AM Robin Boldt boldtrn@web.de wrote:
Hi,
thanks for providing this brilliant map service. I'd like to use it in a third-party application (a website), in accordance with the terms of use. I am sorry if this has been asked before, I tried to check the last couple months of the mailing list, but couldn't find anything related.
For privacy reasons, the website uses the no-referrer policy. While I think sharing a referrer with Wikimedia is alright, my website allows browsing OSM data, including links to the websites set in OSM, and I don't trust these websites with a referrer. Unfortunately, the referrer policy does not allow fine-grained configuration, it's a global on/off switch. Changing the user agent in a browser is considered a hack, and while it might work, it can break other third-party tools and could break with every browser update or when using an uncommon browser.
So I was wondering if you would consider a third method of authorization, like a query parameter that can be added to the url like `?referrer=example.com&contact=mail@example.com`? I think this could help people to use your service in accordance to the terms of use.
Thanks in advance, Robin _______________________________________________ Maps-l mailing list Maps-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/maps-l
Maps-l mailing list Maps-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/maps-l
Maps-l mailing list Maps-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/maps-l
-- Guillaume Lederrey Operations Engineer, Search Platform Wikimedia Foundation UTC+1 / CET
Maps-l mailing list Maps-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/maps-l
Maps-l mailing list Maps-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/maps-l