jayvdb added projects: Pywikibot-tests, PyWikiBot-Interwiki-Map. jayvdb set Security to none. TASK DETAIL https://phabricator.wikimedia.org/T85725 REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>. EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: jayvdb Cc: Aklapper, jayvdb, pywikipedia-bugs

jayvdb moved this task to MW Version 1.14+ issues on the PyWikiBot-Interwiki-Map workboard. TASK DETAIL https://phabricator.wikimedia.org/T85725 WORKBOARD https://phabricator.wikimedia.org/project/board/900/ REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>. EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: jayvdb Cc: Aklapper, jayvdb, pywikipedia-bugs

XZise added a subscriber: XZise. XZise added a comment. One main problem here is how to determine if a token name like //edit// is actually a //csrf// token. We could do it similar to the current implementation that we have a static set which contains all tokens which are mapped to the //csrf// token. As this is about past tokens, this set won't change (unless other tokens at a later point are mapped to a //csrf// token). One problem there is that it doesn't detect if tokens by extensions are mapped now to the //csrf// token. Another suggestion was to look in the paraminfo for `prop=info` and compare that list (which does contain all token names except the //csrf// token, but those mapped to //csrf//) to the new `meta=tokens` paraminfo. Problem there is, that `intoken` is deprecated so at some point this will break. TASK DETAIL https://phabricator.wikimedia.org/T85725 REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>. EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: XZise Cc: Aklapper, jayvdb, Omegat, XZise, pywikipedia-bugs

Ricordisamoa added a subscriber: Ricordisamoa. TASK DETAIL https://phabricator.wikimedia.org/T85725 REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>. EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Ricordisamoa Cc: Ricordisamoa, akashagarwal, jayvdb, Aklapper, XZise, Omegat, pywikipedia-bugs

gerritbot added a project: Patch-For-Review. TASK DETAIL https://phabricator.wikimedia.org/T85725 REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>. EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: gerritbot Cc: gerritbot, Ricordisamoa, akashagarwal, jayvdb, Aklapper, XZise, Omegat, pywikipedia-bugs

jayvdb closed this task as "Resolved". jayvdb claimed this task. jayvdb added a comment. @xzise, re your Jan 3 comment about csrf, do we need to do any more here? Is a new task needed to flesh out the problem? Or please re-open if the recently merged code has regressed some aspect of handling tokens. TASK DETAIL https://phabricator.wikimedia.org/T85725 REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>. EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: jayvdb Cc: gerritbot, Ricordisamoa, akashagarwal, jayvdb, Aklapper, XZise, Omegat, pywikipedia-bugs

XZise added a comment. Well @akashagarwal has implemented in such a way that it behaves like before. The only problem there is when `action=tokens` or `prop=info&intoken=…` are removed because then the code can't compare it to anything. TASK DETAIL https://phabricator.wikimedia.org/T85725 REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>. EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: jayvdb, XZise Cc: gerritbot, Ricordisamoa, akashagarwal, jayvdb, Aklapper, XZise, Omegat, pywikipedia-bugs