Skip to content

Web API: do not leak internal, non-intrinsic origin identifiers

As a by-product of the discussion in T1731, we determined that leaking integer identifiers for origins was not a good idea in the first place. We should stop doing that, by returning only the information that an origin is known in the response for /origin, and expecting clients to still provide full-URLs to subsequent end points to specify an URL (e.g., /origin/visit).

It is yet undecided whether we want to do that by breaking backward compatibility for API version 1 (it's beta anyway…) or if this should be our "chance" to start version 2 of the API.

Migrated from T1791 (view on Phabricator)