A late forward, but this is especially important for gadget authors.
-------- Forwarded Message -------- Subject: [Wikitech-l] Gadget usage of rollback, purge, and markpatrolled Date: Wed, 29 Jun 2016 13:42:12 -0700 From: Aaron Schulz [email protected] Reply-To: Wikimedia developers [email protected] To: [email protected], [email protected]
TL;DR: Gadgets should use HTTP POST for purge/rollback/markpatrolled actions.
-------
Some gadgets still use HTTP GET for page purge requests. In order to better facilitate multi-datacenter traffic routing [1] and to better comply with web standards [2], these types of requests should use POST instead. GET is considered, by specification, to be a "safe method". Since purge requests perform database writes and potentially significant rendering updates, they should use a state-changing HTTP method. Also, achieving of our multi-datacenter goal as planned involves leveraging safe HTTP methods to route request to either the closest or the primary datacenter for optimal performance.
Most of such requests to MediaWiki already require POST, but "purge" is one of the exceptions. There is no compelling reason for this to be exceptional, however. Exposing a URL parameter that does database writes, reparsing, and cache updates simply by following a link (especial with no CSRF token) encourages bad practice (having links that bypass cache) and the risk of performance problems if such a link becomes popular.
Rollback requests should also use HTTP POST given that it results in a page edit. The database operations are far more complex than purge, so in a multi-datacenter system, such requests (if using HTTP GET) could have much worse performance depending on the client's location (even if very close to a datacenter). Ideally, reversion tools would use the API for rollback, instead of index.php.
The markpatrolled action, like rollback, also involves a GET request with a token parameter. The core JavaScript MediaWiki provides already uses the API with POST, but users without javascript (and some Gadgets) are still using HTTP GET. The Gadgets should be converted to POST.
Purge, rollback, and markpatrolled support both POST and GET right now. Gadgets still using GET for these actions should be converted to use POST instead.
There is a task at T135170 [3] for MediaWiki to require POST for purge requests. Also see T88044 [4] for the same requirement for rollback requests.
[1] https://phabricator.wikimedia.org/T92357 [2] https://tools.ietf.org/html/rfc7231#section-4.2.1 [3] https://phabricator.wikimedia.org/T135170 [4] https://phabricator.wikimedia.org/T88044