It’s just important to note that if a run parameter is added, it should not be used if the same-site cookie is set to None (or Disabled and the browser defines None as the default).
If the same-site is none, you could enter some other site and they could make a http GET request, in the same way that CSRF is exploited, although this would not be a CSRF vulnerability per se, but they could execute some really expensive instructions in the data explorer.
The same-site cookie policy is relatively new, but the major browsers already support it for some time, Chrome defaults to Lax, and Discourse too (if I’m not wrong), so it should not be a problem in most cases.
The PR linked above was merged. Does this accomplish what you were looking for? You have to run the query to have the query params added to the URL, so you can run it, copy the link, and share.
We could add support for filling the inputs on the groups report run page, with params from the URL. That wouldn’t be difficult at alI. The question I have is, how do you get this URL? Is it generated for a given group somehow, or are you just manually generating the URL?
If you go to the group page, you’ll see a “Reports” tab with links to the queries that are available for that group, but the params would probably have to generated manually.