$params = $this->extractRequestParams();
$res = array();
- if ( $this->getMain()->getRequest()->getVal( 'callback' ) !== null ) {
- $this->setWarning( 'Tokens may not be obtained when using a callback' );
+ if ( $this->lacksSameOriginSecurity() ) {
+ $this->setWarning( 'Tokens may not be obtained when the same-origin policy is not applied' );
return;
}
public static function getTokenTypeSalts() {
static $salts = null;
if ( !$salts ) {
- wfProfileIn( __METHOD__ );
$salts = array(
'csrf' => '',
'watch' => 'watch',
'rollback' => 'rollback',
'userrights' => 'userrights',
);
- wfRunHooks( 'ApiQueryTokensRegisterTypes', array( &$salts ) );
+ Hooks::run( 'ApiQueryTokensRegisterTypes', array( &$salts ) );
ksort( $salts );
- wfProfileOut( __METHOD__ );
}
return $salts;