Last modified: 2008-10-27 19:26:31 UTC
I'd like to know if it would be possible to have the edit token available on any page (not only when editing)? I know I could probably get this through AJAX scripting but that's the best way I think. On Polish Wikipedia we have a script for reporting bugs and it currently uses the Tool Server and a bot to add reports. If the edit token would be available, the form created through JS could simply add a new section (submitting changes with one click) and the bot would be used only to pass info about these changes to an IRC channel (as it does now).
This would likely interfere with caching, and would harm our ability to change the token on the fly (automatic regeneration) and have things still work.
I recently had a similar need. I wrote a 'fastdelete' script that avoids having to confirm the deletion: http://es.wikipedia.org/wiki/Usuario:Platonides/fastdelete.js To have the EditToken available, it remembers it (the edittoken is the same for the session) at edits/deletes, in a cookie: http://es.wikipedia.org/wiki/Usuario:Platonides/StoreSettings.js
(In reply to comment #1)
> This would likely interfere with caching, and would harm our ability to change
> the token on the fly (automatic regeneration) and have things still work.
Caching - why? I thought it was generated once during each session.
(In reply to comment #3)
> Caching - why? I thought it was generated once during each session.
As I said in comment 1, we might like to alter things so tokens are regenerated more often. Tokens for different operations are also salted, and so can vary according to the operation in question. Your browser will attempt to cache the page, including the script. The whole point of an edit token is to help prevent malicious form submission hijacking; I'm not convinced that providing an edit token on every page via JavaScript wouldn't partly defeat the purpose of it.
Just to document it: The only token which is currently different is the rollback one, which is hashed with the user you're reverting. The editToken is also unrelated to the ___Token cookie, used for login.
(In reply to comment #5)
> The only token which is currently different is the rollback one, which is hashed
> with the user you're reverting.
That is incorrect.
Resolving as WORKSFORME. The edit token can be obtained from the API using AJAX, or scraped from the hidden form field if you happen to be on the edit form. API URL: http://en.wikipedia.org/w/api.php?action=query&titles=Main_Page&prop=info&intoken=edit (append &format=whatever to get a different format; for help, see http://en.wikipedia.org/w/api.php )
(See [[Wikipedia:WikiProject_User_scripts/Guide/Ajax]] for a tutorial on doing so with JavaScript.)
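The token fetch described in the resolving comment, as an added example that is not part of the original thread or MediaWiki's own code: it builds the quoted query URL, pulls the token out of the response, and encodes a new-section POST. The JSON response shape (`query.pages.<id>.edittoken`), the `action=edit` parameters, the helper names and the sample token are assumptions.

```javascript
// Added example: not code from the bug thread or from MediaWiki.
// Assumed response shape for ...&prop=info&intoken=edit&format=json:
//   { query: { pages: { "<pageid>": { title: "...", edittoken: "..." } } } }

// Build the query URL quoted in the resolving comment, with format=json appended.
function buildTokenQueryUrl(apiBase, title) {
  const params = new URLSearchParams({
    action: 'query', titles: title, prop: 'info', intoken: 'edit', format: 'json',
  });
  return apiBase + '?' + params.toString();
}

// Pull the edit token for `title` out of a parsed response. Throws instead of
// returning undefined so a caller never submits an edit with an empty token.
function extractEditToken(response, title) {
  const wanted = title.replace(/_/g, ' '); // the API reports normalized titles
  const pages = (response && response.query && response.query.pages) || {};
  for (const id of Object.keys(pages)) {
    const page = pages[id];
    if (page.title === wanted && typeof page.edittoken === 'string' && page.edittoken !== '') {
      return page.edittoken;
    }
  }
  throw new Error('no edittoken for ' + title);
}

// Encode the POST body for adding a new section (with section=new the summary
// doubles as the section heading). Tokens end in "+\"; an unencoded "+" is
// decoded as a space by the server, so the token would no longer match.
// URLSearchParams percent-encodes it for us.
function buildNewSectionBody(title, heading, text, token) {
  return new URLSearchParams({
    action: 'edit', title: title, section: 'new',
    summary: heading, text: text, token: token, format: 'json',
  }).toString();
}

// Constructed sample response; the page id and token value are made up.
const SAMPLE_RESPONSE = {
  query: { pages: { '1': { pageid: 1, ns: 0, title: 'Main Page',
    edittoken: '0123456789abcdef0123456789abcdef+\\' } } },
};
```

Fetching the token with a same-origin request at submit time, rather than storing it, keeps the script working if tokens are regenerated more often, as comment 4 anticipates.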