Legoktm closed this task as "Invalid".
Legoktm edited projects, added MediaWiki-extensions-CentralAuth; removed
Wikidata, Wikibase-JavaScript-Api.
Legoktm added a comment.
That request isn't solely to fetch CSRF tokens, it serves another purpose:
* Query the foreign wiki to see if we're already logged in there in
the user's browser, which
* means that there's no need to query for and use 'centralauthtoken'
parameter.
*
* To avoid wasted requests, get a CSRF token at the same time.
(from
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CentralAuth/+/refs/heads/master/modules/ext.centralauth.ForeignApi.js#81)
The request scheme is described at
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CentralAuth/+/refs/heads/master/modules/ext.centralauth.ForeignApi.js#9
- basically if you are not logged in remotely, you need to get a short-lived
centralauthtoken for each foreign request. But if you're logged in remotely,
which is what the meta=userinfo is for, then we don't need centralauthtokens.
And since we're making a request anyways, it makes sense to fetch the CSRF
token at that time, if possible.
TASK DETAIL
https://phabricator.wikimedia.org/T308389
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Legoktm
Cc: Legoktm, Aklapper, AlexisJazz, Trngsh15, Mengs21, Zabe, EgbeRef,
Vaibhav0199, Tinzawoo533, CptViraj, WDoranWMF, Majavah, Onmir, DannyS712,
wildly_boy, Mh-3110, Yahya, Amorymeltzer, Jayprakash12345, enigmaeth, rohitt,
Sethakill, dg711, Dixtosa, Wong128hk, Snowolf, Dinoguy1000, jayvdb, Jay8g,
Astuthiodit_1, karapayneWMDE, Invadibot, maantietaja, ItamarWMDE, Akuckartz,
Nandana, Lahi, Gq86, GoranSMilovanovic, QZanden, LawExplorer, _jensen,
rosalieper, Scott_WUaS, Wikidata-bugs, aude, Mbch331
_______________________________________________
Wikidata-bugs mailing list -- wikidata-bugs@lists.wikimedia.org
To unsubscribe send an email to wikidata-bugs-le...@lists.wikimedia.org
