Replace "use 418" option with a standard lightweight 403 response#15
Replace "use 418" option with a standard lightweight 403 response#15yaronkoren wants to merge 4 commits intomywikis:mainfrom
Conversation
|
Some users need it to return 418. It would be great if we can keep that in there. If a lightweight 403 is needed, that’s fine, but I don’t think it should replace the 418. |
|
Why would anyone need to return a 418 error? (I should note that the current code doesn't even include "418" in its output.) |
|
418 is more used to provide a specific anti-bot response whereas 403 is a more generic forbidden error which could be ambiguous - it could either mean unauthorized or blocked. Here’s where the 418 is returned: CrawlerProtection/includes/Hooks.php Line 134 in 890492d |
|
I know, but the string "418" never shows up in the browser. I'm not an expert in this, so - what is gained from the bot seeing the word "toaster" instead of "403"? And is it worth it for the increased confusion it would cause among regular users? |
|
The phrase "I'm A Teapot" is the literal name for 418. Despite originating as a joke, it's now (confusingly) been reappropriated into a spam blocking refusal. That's why any other nonsensical phrase doesn't work, but "I'm A Teapot" works. This was added by WikiTeq. In the interest of not blocking existing users, I don't think I can accept a feature patch that fundamentally changes the operation of the extension for existing users. However, would it be alright to add this as a different feature? |
|
Oh yeah, "teapot", not "toaster". Well, this is beyond my level of understanding (I had thought AI crawlers and spam bots purposely ignore what is sent at them, so it doesn't matter what error you display), but anyway, how about at least having the code always call header() and die() instead of the more complex MediaWiki functions, including i18n? I'm guessing there's a significant performance improvement there. |
|
I think it's a great idea to give folks the option to have the simple |
|
Thanks for your response. I don't think seeing a blank page with text at the top is necessarily scary, depending on what the text says... though if any text is scary, presumably the text "I'm a teapot" is quite a bit scarier, eliciting fears that the site has been hacked, or worse. Can you explain why a 418 is preferable to a 403? I did a web search, and all I found is that 418 is sometimes used to indicate "you are being blocked because you are an undesirable bot". But from the bot's perspective, what does it care? If it had a sense of shame, it wouldn't be doing what it's doing. And from a user's perspective, a cryptic message is significantly worse than a standard error message. These are two separate issues here, but they're somewhat connected in that I definitely think three different modes is overkill. |
|
@vedmaka might be able to better explain from WikiTeq's side why the 418 is their preference. |
2 participants
No description provided.