Hi all, As of MediaWiki 1.19 the action of watching or unwatching a page requires a token [1]. A similar measure was taken during the development of 1.17 for the markpatrolled action, and the reason is the same: To prevent third-party sites from executing write actions without the users' permission.
The ApiWatch module must be posted and given a token. As with other edittoken-based api actions, the token is salted but stays the same throughout a session. Scripts may retrieve this token, as usual, through the ApiQueryInfo (must be logged in, anon users don't have action-watch) [4] On a sidenote, recently the the mw.user.tokens resourceloader module [8] has been created [9]. This, together with the mw.user.options module introduced in 1.17, gadgets can do advanced actions without polling the API for common data. If you script is ran from a wiki, you can get the tokens from [5] this Map without an http request to the query info module. An example has been made in the mediawiki.action.watch.ajax module [6]. This (un)watches through the API. The actual change in the WatchAction class was made in r89545 [3]. The ApiWatch module was changed in r88522 [7]. -- Krinkle [1] https://bugzilla.wikimedia.org/27655 Require token for (un)watching pages [2] https://bugzilla.wikimedia.org/29070 Add token to action=watch API [3] http://www.mediawiki.org/wiki/Special:Code/MediaWiki/89545 [4] http://yourdomain/w/api.php?action=query&prop=info&titles=Main+Page&intoken=watch [5] http://www.mediawiki.org/wiki/ResourceLoader/Default_modules#tokens [6] http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/resources/mediawiki.action/mediawiki.action.watch.ajax.js?view=markup&pathrev=88554#l117 [7] http://www.mediawiki.org/wiki/Special:Code/MediaWiki/88522 [8] https://bugzilla.wikimedia.org/29067 Expose user.tokens like we do user.options in ResourceLoader [9] http://www.mediawiki.org/wiki/Special:Code/MediaWiki/88553 _______________________________________________ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l