https://bugzilla.wikimedia.org/show_bug.cgi?id=27655
--- Comment #11 from Liangent <[email protected]> 2011-06-03 14:54:58 UTC ---
(In reply to comment #10)
> (In reply to comment #8)
> > Why was this fixed in reverse order?
> >
> > It should have been fixed first in html, then in javascript (which could then
> > take advantage of the token in the url).
>
> I disagree about it being the reversed order. They are two distinct methods
> using different protocols and different tokens.
>
> One is through the API, which scripts and programs use. This is through a POST
> request with a standard token that can be retrieved from the API.
>
> The other is on-wiki through index.php. This is through a GET request with a
> stronger token (on-wiki action links can only be GET and thus need a little
> stronger protection, I'm not sure if that is still the case, but that's the way
> we did it with patrol and rollback links in index.php, so it makes sense to
> do that here as well).
>
> Both are independent and need to be fixed separately. AFAIK the order doesn't
> matter.
>
> The reason the on-wiki javascript-watch button is using the token already and
> the html isn't, is because the javascript button is using the API (not
> index.php), so I adjusted it in advance (since the API watch-module was already
> done) and the javascript wouldn't be done differently if it were fixed the
> other way around (ie. index.php first and api.php later)
>
> --
>
> In the past many gadgets ajaxified functions by making an ajax-request to the
> index.php url (which they scraped from the page) and giving an "OK" message
> through dom-manipulation by checking the http response code or by digging
> through the HTML of the response. This isn't very clean and doesn't provide
> a very complete or accurate response to the user, and one could argue whether
> this is efficient (as it would cause MediaWiki to render an entire page rather
> than just a simple request with a short JSON response, that is more machine
> readable and language/wiki independent).
>
> Therefore the ajax-watch was switched to using the API a while ago.

There is index.php?action=ajax but I don't know where we are using it.
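The split described in the quoted comment (a general token sent by POST to the API, and a more tightly bound token carried in GET action links) can be sketched as follows. This is an added illustration, not part of the original message and not MediaWiki's code; the HMAC construction, the function names and the parameter names are assumptions, and "stronger" is modelled here as binding the link token to one action on one page.

```python
import hashlib
import hmac

# Assumption: `secret` is a random per-session value kept in server-side session state.


def _mac(secret: bytes, *parts: str) -> str:
    # Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def _same(a: str, b: str) -> bool:
    # Constant-time comparison; encode so non-ASCII input cannot raise.
    return hmac.compare_digest(a.encode(), b.encode())


def general_token(secret: bytes) -> str:
    """Session-wide token, meant to travel only in POST bodies."""
    return _mac(secret, "general")


def link_token(secret: bytes, action: str, title: str) -> str:
    """Token for a GET action link, valid for one action on one page."""
    return _mac(secret, "link", action, title)


def handle_api(secret: bytes, method: str, params: dict) -> bool:
    """API-style handler: state changes only on POST with the general token."""
    if method != "POST":
        return False
    return _same(params.get("token", ""), general_token(secret))


def handle_link(secret: bytes, params: dict) -> bool:
    """Link-style handler: reached by GET, so the token must match action and title."""
    action, title = params.get("action", ""), params.get("title", "")
    if action not in ("watch", "unwatch"):
        return False
    return _same(params.get("token", ""), link_token(secret, action, title))
```

A link token that leaks through a URL (history, Referer, logs) is then only good for repeating that one action on that one page, while the general token never appears in a URL at all.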
