Hello!
Thank you for both replies. The problem has thus for me been that I didn't understand the difference between "inter-wikimedia" API CORS usage and pure plain "anonymous guest" usage with JSONP. Maybe this should be mentioned in the API documentation? I think many outside users have dealt with it since there are many threads on Stack Overflow.
Probably the best place would be in the API:Main_page page's Introduction or Getting started section. The difference could be stated as "inter-wikimedia sites as defined in $wgCrossSiteAJAXdomains" and "outside guest usage". The API:Main_page mentions bots and client programs as potential users, but doesn't mention the relevant origin restrictions.
I understand that the The API:Cross-site_requests page tries to make this distinction between them, but at the time I bumped into it, I allready thought that it's just a matter of taste and not a matter of origin [of the request]. The API:Cross-site_requests page could link to two code snippets, the Manual:CORS (now wrongly linked under "See also" section, as it would apply to both) and also a modified snippet for JSONP usage. I attach a simple example down below.
That said, my problem was getting a truly cross-site request to work (as not listed in $wgCrossSiteAJAXdomains).
The problem with using $.getJSON() as suggested by Magnus, is that I can't set the necessary headers and thus comply with the API usage best practices.
What was needed for getting $.ajax() to work for me, was to set the dataType parameter to 'jsonp' (just adding the string 'callback=?' to the url or data doesn't do the magic as it does when using $.getJSON()) and setting cache to true. Strangely enough, HTTP Origin is not sent for me, thus I cannot send 'origin' to the API. I get a mismatch back from the API if I send it, but succeeds if I don't send it. I don't know HTTP, so I don't know why this happens.
The code I ended up with was (although this doesn't reflect the parameters needed for complyfng to best practices and API etiquette):
$.ajax( { 'url': 'https://en.wikipedia.org/w/api.php', 'data': { 'action': 'query', 'meta': 'userinfo', 'format': 'json', 'origin': location.window // depends on whether HTTP Origin header is sent or not }, 'xhrFields': { 'withCredentials': true }, 'success': function( data ) { alert( 'Foreign user ' + data.query.userinfo.name + ' (ID ' + data.query.userinfo.id + ')' ); }, 'dataType': 'jsonp', 'cache': true } ); /* end of code snippet */
Best regards Kristian K
01.09.2014 14:27, Magnus Manske kirjutas:
Try JSONP (add "&callback=CALLBACKFUNCTION" to your URL; jQuery: $.getJSON ( "URL&callback=?" will work)
On Mon, Sep 1, 2014 at 10:58 AM, Kristian Kankainen <kristian@eki.ee mailto:kristian@eki.ee> wrote:
Hello! Since I don't get even the simplest code snippet to work (e.g [1]) I want to ask a really simple question. Am I allowed to query the Wikipedia API [2] from any domain if I specify the 'origin' field to correspond my domain? Or is there a whitelist with only perhaps all relevant WikiMedia sites blocking me from this. I have tried more elaborate ajax script parameters following all bot best practices but I get CORS blocked. The code snippet mentioned above was modified only with "'origin': location.origin" but I get the error: "SyntaxError: JSON.parse: unexpected end of data at line 1 column 1 of the JSON data" (using jquery 1.11.0 and Firefox 31.0). Best wishes Kristian Kankainen [1]: https://www.mediawiki.org/wiki/Manual:CORS [2]: https://et.wikipedia.org/w/api.php _______________________________________________ Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org <mailto:Mediawiki-api@lists.wikimedia.org> https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api