On Thu, Sep 29, 2016 at 1:37 PM, Brad Jorsch (Anomie) <bjorsch@wikimedia.org
wrote:
On Thu, Sep 29, 2016 at 4:00 PM, Brian Wolff bawolff@gmail.com wrote:
This way it will work for users without cookies (Maybe none exist, but I like the idea you can edit wikipedia without cookies)
There have been people who disabled cookies and still wanted to be able to use the sites.
For the good of most, I think it would be acceptable to require a very few to enable cookies to *edit*.
It will also have minimal breakage, as you won't have to adjust any existing usages of tokens (For example, on special pages).
Note it will affect scripts and API clients that expect to see "+" as the token as a sign that they're logged out, or worse assume that's the token and don't bother to fetch it.
We had breaking API/frontend infrastructure changes before, this one seems less invasive and will break only badly written clients. In any case, most clients are intended for logged in users.