Legoktm closed this task as "Invalid". Legoktm edited projects, added MediaWiki-extensions-CentralAuth; removed Wikidata, Wikibase-JavaScript-Api. Legoktm added a comment.
That request isn't solely to fetch CSRF tokens, it serves another purpose: * Query the foreign wiki to see if we're already logged in there in the user's browser, which * means that there's no need to query for and use 'centralauthtoken' parameter. * * To avoid wasted requests, get a CSRF token at the same time. (from https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CentralAuth/+/refs/heads/master/modules/ext.centralauth.ForeignApi.js#81) The request scheme is described at https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CentralAuth/+/refs/heads/master/modules/ext.centralauth.ForeignApi.js#9 - basically if you are not logged in remotely, you need to get a short-lived centralauthtoken for each foreign request. But if you're logged in remotely, which is what the meta=userinfo is for, then we don't need centralauthtokens. And since we're making a request anyways, it makes sense to fetch the CSRF token at that time, if possible. TASK DETAIL https://phabricator.wikimedia.org/T308389 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Legoktm Cc: Legoktm, Aklapper, AlexisJazz, Trngsh15, Mengs21, Zabe, EgbeRef, Vaibhav0199, Tinzawoo533, CptViraj, WDoranWMF, Majavah, Onmir, DannyS712, wildly_boy, Mh-3110, Yahya, Amorymeltzer, Jayprakash12345, enigmaeth, rohitt, Sethakill, dg711, Dixtosa, Wong128hk, Snowolf, Dinoguy1000, jayvdb, Jay8g, Astuthiodit_1, karapayneWMDE, Invadibot, maantietaja, ItamarWMDE, Akuckartz, Nandana, Lahi, Gq86, GoranSMilovanovic, QZanden, LawExplorer, _jensen, rosalieper, Scott_WUaS, Wikidata-bugs, aude, Mbch331
_______________________________________________ Wikidata-bugs mailing list -- wikidata-bugs@lists.wikimedia.org To unsubscribe send an email to wikidata-bugs-le...@lists.wikimedia.org