Page titles used in URL paths, such as the Location header returned
after a page was created, must use the correct encoding for spaces and
pluses.
Bug: T258606
Change-Id: I75e91ac8f8da4eb183a9c8f1a682ea08c2225227
The following endpoints move from v0 to v1:
GET page/{title}/links/language
GET page/{title}
PUT page/{title}
POST page
GET page/{title}/bare
GET page/{title}/html
GET page/{title}/with_html
GET page/{title}/links/media
GET file/{title}
NOTE: after merging this, give SRE a heads up, e.g. by
putting a note on the train ticket when this is merged
(navigate from T254174 as appropriate).
Bug: T255043
Change-Id: I3b8890da901e6312582d9a215c6a647173f16149
CSRF tokens should only be required (and only be allowed) if
the current session isn't already inherently safe against
CSRF due to the way the authentication mechanism works.
This allows (and requires) tokens to be omitted for requests
that use an OAuth Authorization header.
Bug: T230843
Bug: T230842
Bug: T237852
Change-Id: Ib2922d556ff2470d4bf8c386c18986ca9f37d1b5
NOTE: once this is merged, also merge Ie7b47e6868cc on the OAuth repo,
to fix unit tests after a breaking change to Router's constructor
signature.
Bug: T230842
Change-Id: I8f5b92918a58e44a4f2d8c78d234d9f64c2d06bf
