Page MenuHomePhabricator

Always request an edit token before page edit
Closed, ResolvedPublic


The hard-coded, non-authenticated edit token, +\, will go away soon, see T40417.

The apps should always request an edit token before sending the edit request, even when not logged in. The Android app has this done for description editing but not yet for page editing.

Event Timeline

bearND created this task.Dec 13 2016, 6:50 PM
Restricted Application added a subscriber: Aklapper. Ā· View Herald TranscriptDec 13 2016, 6:50 PM
jeremyb added a subscriber: jeremyb.Jan 2 2017, 5:55 AM
bearND updated the task description. (Show Details)Jan 6 2017, 5:29 PM

I think this change would prevent weird states like T155005: Error upon attempted edit from occurring. I'm not sure how frequently users are experiencing that but I vote to put it into Kanban sooner than later.

Change 332471 had a related patch set uploaded (by Mholloway):
Fetch CSRF token before each page edit

Change 332471 merged by jenkins-bot:
Fetch CSRF token before each page edit

Dbrant closed this task as Resolved.Jan 30 2017, 4:13 PM