Thread:Project:Support desk/MediaWiki Login via URL - POST method/reply (5)

That function is for the HTML login page, not the API, which is designed to give a machine readable output for bots.

The equivalent change for allowing GET requests to Special:UserLogin (which has a similar set of parameters, though named differently) would be to force  to , so you can use a URL like.

I must again caution that this SpecialUserlogin hack will allow login CSRF (a serious vulnerability that could allow compromise of admin accounts) and will impose a greater maintenance burden on you if you decide to upgrade MediaWiki in the future.