I was surprised to see this issue on one of my sites recently, as I don't know what could possibly be writing to the database by accessing @@history. I would have expected that to be read only. Debugging in plone.protect shows that the registered object is the Plone site itself.
Perhaps it doesn't matter, I don't think adding context/@@authenticator/token to the links on version_history_form should harm anything.
I was surprised to see this issue on one of my sites recently, as I don't know what could possibly be writing to the database by accessing @@history. I would have expected that to be read only. Debugging in plone.protect shows that the registered object is the Plone site itself.
Perhaps it doesn't matter, I don't think adding context/@@authenticator/token to the links on version_history_form should harm anything.