https://bugzilla.wikimedia.org/show_bug.cgi?id=62614
--- Comment #65 from Arthur Richards <[email protected]> --- (In reply to Jon from comment #64) > We deep dived this issue again and concluded we should remove getMobileToken > in favour of user->getToken > > Chris says that soon anonymous editors will get a unique token when that is > called. Out of curiosity, is there a timeline for this? > In mean time there is a CSRF risk to anons using Special:MobileOptions but > we decided since risk was low we can live with this. This makes sense to me since this would only be an issue for anons. I'm ok with it so long as Chris S is OK with it. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
