
List:       wikitech-l
Subject:    Re: [Wikitech-l] [RFC] Giving actual CSRF tokens to not logged in users (T40417)
From:       "Brad Jorsch (Anomie)" <bjorsch () wikimedia ! org>
Date:       2016-09-30 13:56:58
Message-ID: CAEepRSu2sU-n9gihFH+8OwhzWEbVRySVHRG=3gacJ6NNsR26Pw () mail ! gmail ! com

On Thu, Sep 29, 2016 at 5:10 PM, Max Semenik <maxsem.wiki@gmail.com> wrote:

> On Thu, Sep 29, 2016 at 1:37 PM, Brad Jorsch (Anomie) <bjorsch@wikimedia.org> wrote:
> > Note it will affect scripts and API clients that expect to see "+\" as the
> > token as a sign that they're logged out, or worse assume that's the token
> > and don't bother to fetch it.
>
> We had breaking API/frontend infrastructure changes before, this one seems
> less invasive and will break only badly written clients. In any case, most
> clients are intended for logged in users.
>

It still should be known that these will break and should be announced in
the proper place (mediawiki-api-announce) and time.


-- 
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation