On Sun, Aug 14, 2011 at 12:21 PM, Krinkle krinklemail@gmail.com wrote:

The API has been around for a while now and many scripts even started to assume it's presence by default.

What we'd like to know: Do you have one of these configuration variables set to false on your wiki ? And if so, what is the reason for this. We'd like to collect some information and motivation on this so that we can make a better decision at removing these and/or helping in finding a solution (if needed) to the problem that is currently being solved by setting these variables to false.

Back when the API was still new and exciting, we kept it off on some Wikimedia wikis (and the write mode on a few more), especially for sensitive private wikis while it was unsure whether authentication was working properly.

For quite some time however they've been set to on for all Wikimedia wikis, including internal/private ones.

New front-end code is generally assuming the API is on all the time in read-write mode and doesn't necessarily bother to check, as the few old things using the sajax interface etc have mostly been moved over to use the main API.

We've probably got no reason to ever disable these settings, except perhaps as a quick-fix to disable the entire API entry point until installation of a security fix -- in which case we'd probably *not* want it to go fiddling around all our HTML output to end up caching non-AJAX versions of things.

-- brion