Last modified: 2008-10-27 19:26:31 UTC
I'd like to know if it would be possible to have the edit token available on any
page (not only when editing)? I know I could probably get this through AJAX
scripting but that's the best way I think.
On Polish Wikipedia we have a script for reporting bugs and it currently uses
the Tool Server and a bot to add reports. If the edit token were available,
the form created through JS could simply add a new section (submitting changes
with one click) and the bot would be used only to pass info about these changes
to an IRC channel (as it does now).
This would likely interfere with caching, and would harm our ability to change
the token on the fly (automatic regeneration) and have things still work.
I recently had a similar need. I did a 'fastdelete' script, which avoids having
to confirm the deletion.
To have the EditToken available, it remembers it (the edittoken is the same for
the session) at edits/deletes, in a cookie.
(In reply to comment #1)
> This would likely interfere with caching, and would harm our ability to change
> the token on the fly (automatic regeneration) and have things still work.
Caching - why? I thought it was generated once during each session.
(In reply to comment #3)
> Caching - why? I thought it was generated once during each session.
As I said in comment 1, we might like to alter things so tokens are regenerated
more often. Tokens for different operations are also salted, and so can vary
according to the operation in question. Your browser will attempt to cache the
page, including the script.
The whole point of an edit token is to help prevent malicious form submission
hijacking; I'm not convinced that providing an edit token on every page via
Just to document it:
The only token which is currently different is the rollback one, which is hashed
with the user you're reverting.
The editToken is also unrelated to the ___Token cookie, used for login.
(In reply to comment #5)
> The only token which is currently different is the rollback one, which is hashed
> with the user you're reverting.
That is incorrect.
Resolving as WORKSFORME. The edit token can be obtained from the API using AJAX, or scraped from the hidden form field if you happen to be on the edit form.
API URL: http://en.wikipedia.org/w/api.php?action=query&titles=Main_Page&prop=info&intoken=edit
(append &format=whatever to get a different format; for help, see http://en.wikipedia.org/w/api.php )
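
The API route from the closing comment, sketched as an added example that is not part of the original thread: it builds the token query, reads `edittoken` out of the JSON reply, and assembles the one-click "new section" POST the reporter asked about. The page title, token value and function names are hypothetical, and the `action=edit` parameters come from the MediaWiki API rather than from this thread.

```javascript
// Added example. SAMPLE_RESPONSE is constructed: it has the shape returned by
// prop=info&intoken=edit, but the page and token value are made up.
const SAMPLE_RESPONSE = { query: { pages: { "12345": {
  pageid: 12345, ns: 4, title: "Wikipedia:Bug reports",
  starttimestamp: "2008-10-27T19:26:31Z",
  edittoken: "0123456789abcdef0123456789abcdef+\\"
} } } };

// The query URL from the closing comment, with format=json appended.
function tokenQueryUrl(apiBase, title) {
  const q = new URLSearchParams({
    action: "query", titles: title, prop: "info", intoken: "edit", format: "json"
  });
  return apiBase + "?" + q.toString();
}

// Extract the token, failing closed if the response is not what we asked for.
function extractEditToken(response) {
  const pages = (response && response.query && response.query.pages) || {};
  const ids = Object.keys(pages);
  if (ids.length !== 1) throw new Error("expected exactly one page");
  const token = pages[ids[0]].edittoken;
  if (typeof token !== "string" || token === "") throw new Error("no edit token");
  // A logged-out session gets the constant token "+\", so the edit would be
  // saved anonymously; a reporting form may want to stop here instead.
  return { token, anonymous: token === "+\\" };
}

// POST body for action=edit with section=new (summary doubles as the heading).
// The token goes in the body, never the URL, and last, so that a truncated
// request arrives without it and is rejected rather than saving partial text.
function newSectionBody(title, heading, text, token) {
  const body = new URLSearchParams();
  body.append("action", "edit");
  body.append("title", title);
  body.append("section", "new");
  body.append("summary", heading);
  body.append("text", text);
  body.append("format", "json");
  body.append("token", token);
  return body.toString();
}

// Fetch the token immediately before each submission rather than storing it,
// so a regenerated token (the concern raised in the thread) still works.
const { token } = extractEditToken(SAMPLE_RESPONSE);
console.log(tokenQueryUrl("http://en.wikipedia.org/w/api.php", "Main_Page"));
console.log(newSectionBody("Wikipedia:Bug reports", "Broken link", "Details", token));
```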