TLDR: We will soon remove some parameters that were used to obtain CSRF tokens in the MediaWiki API. This will break bots, gadgets and user scripts that are still using these parameters.
A significant and long delayed change to Action API is coming. API clients (user scripts, tools, etc) need to obtain a token before making write requests to MediaWiki over Action API. Up to MediaWiki 1.24 the action=tokens[1] and ‘token’ parameter in the following API endpoints were used to obtain a token: ‘rctoken’ in action=query&list=recentchanges [2] ‘rvtoken’ in action=query&prop=revisions [3] ‘intoken’ in action=query&prop=info [4] ‘ustoken’ in action=query&list=users[5] Since MediaWiki 1.24 these module and parameters were deprecated and were emitting deprecation warnings to API clients. These parameters and endpoint will now be removed from MediaWiki 1.37 and from Wikimedia installation. To obtain CSRF tokens clients now need to use a consolidated ‘action=query&meta=tokens’ endpoint. [6] Please respond to this email if you have any concerns or questions about this change. Petr Pchelko Staff Software Engineer Platform Engineering Team at WMF [1] https://en.wikipedia.org/w/api.php?action=help&modules=tokens <https://en.wikipedia.org/w/api.php?action=help&modules=tokens> [2] https://en.wikipedia.org/w/api.php?action=help&modules=query%2Brecentchanges <https://en.wikipedia.org/w/api.php?action=help&modules=query%2Brecentchanges> [3] https://en.wikipedia.org/w/api.php?action=help&modules=query%2Brevisions <https://en.wikipedia.org/w/api.php?action=help&modules=query%2Brevisions> [4] https://en.wikipedia.org/w/api.php?action=help&modules=query%2Binfo <https://en.wikipedia.org/w/api.php?action=help&modules=query%2Binfo> [5] https://en.wikipedia.org/w/api.php?action=help&modules=query%2Busers <https://en.wikipedia.org/w/api.php?action=help&modules=query%2Busers> [6] https://en.wikipedia.org/w/api.php?action=help&modules=query%2Btokens <https://en.wikipedia.org/w/api.php?action=help&modules=query%2Btokens>
_______________________________________________ Wikitech-l mailing list -- [email protected] To unsubscribe send an email to [email protected] https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
