Last modified: 2010-10-15 17:14:14 UTC
From http://en.wiktionary.org/w/api.php * action=purge * Purge the cache for the given titles. This module requires read rights. This module requires write rights. Parameters: titles - A list of titles Example: api.php?action=purge&titles=Main_Page|API From http://commons.wikimedia.org/w/api.php * action=purge * Purge the cache for the given titles. This module requires read rights. This module requires write rights. This module only accepts POST requests. Parameters: titles - A list of titles Example: api.php?action=purge&titles=Main_Page|API Commons says that it only accepts POST requests. The English Wiktionary does not. Something is wrong.
I think this might be due to caching the help message. action=purge only requires post rights if your an anon, but the cache key for the help message doesn't distinguish between logged in users and non-logged in users. To test this theory, i went to http://commons.wikimedia.org/w/api.php which said POST needed for me at time of testing, but http://commons.wikimedia.org/w/api.php?version which uses a different cache key did not.
(In reply to comment #1) > I think this might be due to caching the help message. action=purge only > requires post rights if your an anon, but the cache key for the help message > doesn't distinguish between logged in users and non-logged in users. Yes, it seems you're right (I just tested a bit myself with curl and Firefox). Is there a bug about this already?
Have you try it logged in on both wikis? See at ApiPurge::mustBePosted() public function mustBePosted() { global $wgUser; return $wgUser->isAnon(); }
(In reply to comment #3) > Have you try it logged in on both wikis? > > See at ApiPurge::mustBePosted() > > public function mustBePosted() { > global $wgUser; > return $wgUser->isAnon(); > } I tested logged in and logged out. When I visit http://en.wiktionary.org/w/api.php right now logged in, the purge module says "This module only accepts POST requests." As far as I understand, this behavior is wrong (or at least unexpected).
A nice and clean solution for this could be to allow modules to add to the cache key by overriding a base method.
It seems that the purge module is exceptional (it's probably the only module that makes a distinction between POST behavior based on logged-in status). Modifying the purge module to output a generic message in the documentation is probably the simplest solution, something like "If you're not logged in, you must POST this request."
Seems like the ApiHelp caching is done seperately... Adding a variance of the isAnon would take care of this... $key = wfMemcKey( 'apihelp', $this->getModuleName(), $wgUser->isAnon(), SpecialVersion::getVersion( 'nodb' ) . $this->getMain()->getShowVersions() );
Created attachment 7734 [details] Patch Stashing a patch for this so I don't accidentally commit/loose it. Still seems a sane way to go. Roan?
(In reply to comment #8) > Created attachment 7734 [details] > Patch > > Stashing a patch for this so I don't accidentally commit/loose it. Still seems > a sane way to go. Roan? Looks good.
r74810