REST handlers that delegate to action API modules need to supply a
known-good token when the REST endpoint has been accessed in a way that
is safe against CSRF. This was done by returning null from getToken(),
which seems surprising and brittle. Having a method called needsToken()
makes the code easier to understand.
Follow-Up-To: If41749722b28c8c0e9898b3d3e7937167653fb10
Change-Id: I04148a7e000c3c73241bc20fe1582880b16b0056
Returning a known-good token is not part of the trait method because I
think handlers other than the ones based on the action API wouldn't even
need a token if the session is safe against CSRF.
Bug: T305043
Change-Id: If41749722b28c8c0e9898b3d3e7937167653fb10
The response from a null-edit should contain the current revision's
revision ID and timestamp, not the info from the edit's base revision.
Bug: T277601
Change-Id: I9d353cdc4cb9e3c1435c93ffe63ef4fef173ec4d
NOTE: once this is merged, also merge Ie7b47e6868cc on the OAuth repo,
to fix unit tests after a breaking change to Router's constructor
signature.
Bug: T230842
Change-Id: I8f5b92918a58e44a4f2d8c78d234d9f64c2d06bf
