[Wikidata-bugs] [Maniphest] T308389: mw.ForeignApi always gets a CSRF token, even if it can't use it
Legoktm closed this task as "Invalid". Legoktm edited projects, added MediaWiki-extensions-CentralAuth; removed Wikidata, Wikibase-JavaScript-Api. Legoktm added a comment. That request isn't solely to fetch CSRF tokens, it serves another purpose: * Query the foreign wiki to see if we're already logged in there in the user's browser, which * means that there's no need to query for and use 'centralauthtoken' parameter. * * To avoid wasted requests, get a CSRF token at the same time. (from https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CentralAuth/+/refs/heads/master/modules/ext.centralauth.ForeignApi.js#81) The request scheme is described at https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/CentralAuth/+/refs/heads/master/modules/ext.centralauth.ForeignApi.js#9 - basically if you are not logged in remotely, you need to get a short-lived centralauthtoken for each foreign request. But if you're logged in remotely, which is what the meta=userinfo is for, then we don't need centralauthtokens. And since we're making a request anyways, it makes sense to fetch the CSRF token at that time, if possible. TASK DETAIL https://phabricator.wikimedia.org/T308389 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Legoktm Cc: Legoktm, Aklapper, AlexisJazz, Trngsh15, Mengs21, Zabe, EgbeRef, Vaibhav0199, Tinzawoo533, CptViraj, WDoranWMF, Majavah, Onmir, DannyS712, wildly_boy, Mh-3110, Yahya, Amorymeltzer, Jayprakash12345, enigmaeth, rohitt, Sethakill, dg711, Dixtosa, Wong128hk, Snowolf, Dinoguy1000, jayvdb, Jay8g, Astuthiodit_1, karapayneWMDE, Invadibot, maantietaja, ItamarWMDE, Akuckartz, Nandana, Lahi, Gq86, GoranSMilovanovic, QZanden, LawExplorer, _jensen, rosalieper, Scott_WUaS, Wikidata-bugs, aude, Mbch331 ___ Wikidata-bugs mailing list -- wikidata-bugs@lists.wikimedia.org To unsubscribe send an email to wikidata-bugs-le...@lists.wikimedia.org
[Wikidata-bugs] [Maniphest] T308389: mw.ForeignApi always gets a CSRF token, even if it can't use it
Maintenance_bot added a project: Wikidata. TASK DETAIL https://phabricator.wikimedia.org/T308389 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Maintenance_bot Cc: Aklapper, AlexisJazz, Astuthiodit_1, Trngsh15, karapayneWMDE, Invadibot, Mengs21, maantietaja, EgbeRef, ItamarWMDE, Vaibhav0199, Akuckartz, Tinzawoo533, WDoranWMF, Onmir, DannyS712, Nandana, Mh-3110, Yahya, Amorymeltzer, Lahi, Gq86, GoranSMilovanovic, Jayprakash12345, QZanden, enigmaeth, rohitt, LawExplorer, Sethakill, dg711, _jensen, rosalieper, Scott_WUaS, Dixtosa, Wikidata-bugs, aude, Dinoguy1000, jayvdb, Mbch331 ___ Wikidata-bugs mailing list -- wikidata-bugs@lists.wikimedia.org To unsubscribe send an email to wikidata-bugs-le...@lists.wikimedia.org
[Wikidata-bugs] [Maniphest] T308389: mw.ForeignApi always gets a CSRF token, even if it can't use it
AlexisJazz created this task. AlexisJazz added projects: MediaWiki-Action-API, Wikibase-JavaScript-Api, JavaScript. Restricted Application added a subscriber: Aklapper. TASK DESCRIPTION **List of steps to reproduce** (step by step, including full links if applicable): var api = new mw.ForeignApi('https://wikidata.beta.wmflabs.org/w/api.php'); api.get({format:'json',action:'wbgetentities',props:'sitelinks',ids:'Q1'}).done(function(data){}); **What happens?**: Get: - https://wikidata.beta.wmflabs.org/w/api.php?action=query=json=https%3A%2F%2Fcommons.wikimedia.beta.wmflabs.org=userinfo%7Ctokens - https://wikidata.beta.wmflabs.org/w/api.php?action=wbgetentities=json=https%3A%2F%2Fcommons.wikimedia.beta.wmflabs.org=sitelinks=Q1 Links without origin to open in browser: - https://wikidata.beta.wmflabs.org/w/api.php?action=query=json=userinfo%7Ctokens - https://wikidata.beta.wmflabs.org/w/api.php?action=wbgetentities=json=sitelinks=Q1 **What should have happened instead?**: Just get the second link. You didn't need nor use that CSRF token. TASK DETAIL https://phabricator.wikimedia.org/T308389 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: AlexisJazz Cc: Aklapper, AlexisJazz, Trngsh15, Mengs21, EgbeRef, Vaibhav0199, Tinzawoo533, WDoranWMF, Onmir, DannyS712, Mh-3110, Yahya, Amorymeltzer, Jayprakash12345, enigmaeth, rohitt, Sethakill, dg711, Dixtosa, Wikidata-bugs, Dinoguy1000, jayvdb ___ Wikidata-bugs mailing list -- wikidata-bugs@lists.wikimedia.org To unsubscribe send an email to wikidata-bugs-le...@lists.wikimedia.org