https://bugzilla.wikimedia.org/show_bug.cgi?id=62614
--- Comment #64 from Jon <jrob...@wikimedia.org> --- We deep dived this issue again and concluded we should remove getMobileToken in favour of user->getToken Chris says that soon anonymous editors will get a unique token when that is called. In mean time there is a CSRF risk to anons using Special:MobileOptions but we decided since risk was low we can live with this. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l