From Flow.php:
// Salt used to generate edit tokens for authenticating Flow actions
$wgFlowTokenSalt = 'flow';
From includes/api/ApiFlow.php:
public function getTokenSalt() { global $wgFlowTokenSalt; return $wgFlowTokenSalt; }
Why is Flow using a non-standard token? What's the advantage to doing so?
It's a disadvantage to anyone using the API since they need to fetch another token, and in many cases they already have an edit token.
Version: unspecified
Severity: normal