This would avoid DBPerformance log warnings about DB updates on HTTP GET
|Open||aaron||T88445 MediaWiki active/active datacenter investigation and work (tracking)|
|Resolved||Krinkle||T130946 Make ?action=markpatrolled require POST|
In principle, MediaWiki already attaches JS click handlers to these links and submits POST to the API to perform the action.
However there are two cases in which this may still cause the action to happen over GET outside the API:
- Some pages may be missing the ajax module and thus have the fallback for everyone on those pages.
The first action item would be to remove support for token on that entry point over GET so that even in the current implementation (and any stray pointers from gadgets potentially) will naturally end up serving the POST-ification form instead. We did this with watch already I think. And I'm doing the same with rollback too.