CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/150971
Change subject: Don't check OAuth tokens on non-api requests ...................................................................... Don't check OAuth tokens on non-api requests We used to always validate OAuth tokens if an Authorization header was supplied in the request, except for calls to Special:OAuth, since those could use request tokens, which wouldn't validate in a normal check. This only does the check on API calls, since that's the only way users should use OAuth. Change-Id: I573ba252ff27e4c5201d34117cd907471e60c2e8 --- M api/MWOAuthAPI.setup.php 1 file changed, 1 insertion(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuth refs/changes/71/150971/1 diff --git a/api/MWOAuthAPI.setup.php b/api/MWOAuthAPI.setup.php index 0caff16..f634608 100644 --- a/api/MWOAuthAPI.setup.php +++ b/api/MWOAuthAPI.setup.php @@ -54,8 +54,7 @@ if ( $result === false ) { $context = \RequestContext::getMain(); $request = $context->getRequest(); - $title = $context->getTitle(); - if ( !MWOAuthUtils::hasOAuthHeaders( $request ) || $title->isSpecial( 'OAuth' ) ) { + if ( !MWOAuthUtils::hasOAuthHeaders( $request ) || !defined( 'MW_API' ) ) { $result = null; } else { try { -- To view, visit https://gerrit.wikimedia.org/r/150971 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I573ba252ff27e4c5201d34117cd907471e60c2e8 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/OAuth Gerrit-Branch: master Gerrit-Owner: CSteipp <cste...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
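Review bot: In the rewritten condition in api/MWOAuthAPI.setup.php, `!defined( 'MW_API' )` sends every non-API request that carries OAuth headers into the `$result = null` branch, so those headers are skipped without validation rather than rejected. Please add a short comment above the `if` stating that this is intentional and that it also covers the Special:OAuth request-token case previously handled by the removed `$title->isSpecial( 'OAuth' )` test. It is also worth confirming that MW_API is always defined before this code runs on API requests, because if it is not, the OAuth check would be skipped there as well. A test that sends an Authorization header on a non-API request would pin the new behaviour down.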