Page MenuHomeMiraheze
Create Task
Maniphest T8143

CSP review for Bing Maps
Closed, ResolvedPublic
Actions

Description

We might be using this on FAMEPedia and FAMEData.
Someone can probably update this description with necessary information.

CSP REVIEW

  • Is the site equipped with a privacy policy? Yes, Microsoft PP
  • Does the site attempt to comply with the GDPR? Can European Union inhabitants invoke their individual rights? Yes
  • Does the site provide a list of personal data being collected by using the service? Yes, see PP
  • Is the website owner known to have a bad reputation regarding privacy? Not as far as I'm aware
  • Can wikis use the external service, even if the visitor wants to deny any cookies or other form of tracking? Yes, should be possible
  • Will wikis stay usable, even if the visitor blocks the external resource by using an ad blocker? Yes
  • Is there a Data Protection Officer and/or Privacy Team that can be contacted by Miraheze? Yes
  • Is the site equipped with a security policy? Part of PP
  • Does the site clarify their security measures to protect collected user data? Can the site assure measures are being taken to protect code injection into the loaded external resources? I haven't seen any specifics, but given the GDPR commitment and the fact that the company is Microsoft that can be assumed
  • Is the website owner known to have a bad reputation regarding information security? Not as far as I'm aware of
  • Is there a Chief Information Security Officer and/or Security Team that can be contacted by Miraheze? There is a CISO but contact probably needs to be done via a general support form

Related Objects

Event Timeline

Ugochimobi triaged this task as Normal priority.Oct 10 2021, 12:39
Ugochimobi created this task.
Herald added a project: MediaWiki (SRE). · View Herald TranscriptOct 10 2021, 12:39
Herald added subscribers: Unknown Object (User), RhinosF1. · View Herald Transcript
Redmin subscribed.Oct 11 2021, 19:22
RhinosF1 moved this task from Backlog to Short Term on the MediaWiki (SRE) board.Oct 26 2021, 22:17
Unknown Object (User) updated the task description. (Show Details)Nov 20 2021, 19:57
Reception123 updated the task description. (Show Details)Jan 19 2022, 11:29
Reception123 added subscribers: Owen, Reception123.

Microsoft seems to comply with the checklist (there's some things I couldn't confirm as seen above) and given its notoriety and the vast number of users who use Microsoft services anyway I think it's safe to assume that it would pass a CSP review and therefore I'd recommend approving. Passing on to T&S.

Reception123 moved this task from SRE Review to T&S Review on the CSP Review board.Jan 19 2022, 11:31
Reception123 added a project: Trust & Safety.
Dmehus subscribed.Jan 23 2022, 21:19
In T8143#174754, @Reception123 wrote:

Microsoft seems to comply with the checklist (there's some things I couldn't confirm as seen above) and given its notoriety and the vast number of users who use Microsoft services anyway I think it's safe to assume that it would pass a CSP review and therefore I'd recommend approving. Passing on to T&S.

@Reception123 Is Google Maps whitelisted?

Unknown Object (User) added a comment.Jan 23 2022, 21:26
In T8143#175391, @Dmehus wrote:
In T8143#174754, @Reception123 wrote:

Microsoft seems to comply with the checklist (there's some things I couldn't confirm as seen above) and given its notoriety and the vast number of users who use Microsoft services anyway I think it's safe to assume that it would pass a CSP review and therefore I'd recommend approving. Passing on to T&S.

@Reception123 Is Google Maps whitelisted?

Yes, it is.

Owen added a comment.Feb 2 2022, 16:20

Approved.

Owen moved this task from T&S Review to EM Review on the CSP Review board.Feb 2 2022, 16:20
John closed this task as Resolved.Feb 6 2022, 13:56
John claimed this task.
John moved this task from EM Review to Completed on the CSP Review board.
Restricted Repository Identity mentioned this in rPUPCf02ff2d837d2: T8143: add bing maps to iframe-src.Feb 6 2022, 13:56
Ugochimobi awarded a token.Feb 6 2022, 15:29