Hello!

Thank you for both replies. The problem has thus for me been that I didn't understand the difference between "inter-wikimedia" API CORS usage and pure plain "anonymous guest" usage with JSONP. Maybe this should be mentioned in the API documentation? I think many outside users have dealt with it since there are many threads on Stack Overflow.

Probably the best place would be in the API:Main_page page's Introduction or Getting started section. The difference could be stated as "inter-wikimedia sites as defined in $wgCrossSiteAJAXdomains" and "outside guest usage". The API:Main_page mentions bots and client programs as potential users, but doesn't mention the relevant origin restrictions.

I understand that the The API:Cross-site_requests page tries to make this distinction between them, but at the time I bumped into it, I allready thought that it's just a matter of taste and not a matter of origin [of the request]. The API:Cross-site_requests page could link to two code snippets, the Manual:CORS (now wrongly linked under "See also" section, as it would apply to both) and also a modified snippet for JSONP usage. I attach a simple example down below.

That said, my problem was getting a truly cross-site request to work (as not listed in $wgCrossSiteAJAXdomains).

The problem with using $.getJSON() as suggested by Magnus, is that I can't set the necessary headers and thus comply with the API usage best practices.

What was needed for getting $.ajax() to work for me, was to set the dataType parameter to 'jsonp' (just adding the string 'callback=?' to the url or data doesn't do the magic as it does when using $.getJSON()) and setting cache to true.
Strangely enough, HTTP Origin is not sent for me, thus I cannot send 'origin' to the API. I get a mismatch back from the API if I send it, but succeeds if I don't send it. I don't know HTTP, so I don't know why this happens.

The code I ended up with was (although this doesn't reflect the parameters needed for complyfng to best practices and API etiquette):

$.ajax( {
    'url': 'https://en.wikipedia.org/w/api.php',
    'data': {
        'action': 'query',
        'meta':   'userinfo',
        'format': 'json',
        'origin': location.window // depends on whether HTTP Origin header is sent or not
    },
    'xhrFields': {
        'withCredentials': true
    },
    'success': function( data ) {
        alert( 'Foreign user ' + data.query.userinfo.name +
            ' (ID ' + data.query.userinfo.id + ')' );
    },
    'dataType': 'jsonp',
    'cache': true
} );
/* end of code snippet */

Best regards
Kristian K

01.09.2014 14:27, Magnus Manske kirjutas:

Try JSONP (add "&callback=CALLBACKFUNCTION" to your URL; jQuery: $.getJSON ( "URL&callback=?" will work)

On Mon, Sep 1, 2014 at 10:58 AM, Kristian Kankainen <kristian@eki.ee> wrote:

Hello!

Since I don't get even the simplest code snippet to work (e.g [1]) I want to ask a really simple question.

Am I allowed to query the Wikipedia API [2] from any domain if I specify the 'origin' field to correspond my domain? Or is there a whitelist with only perhaps all relevant WikiMedia sites blocking me from this. I have tried more elaborate ajax script parameters following all bot best practices but I get CORS blocked.

The code snippet mentioned above was modified only with "'origin': location.origin" but I get the error:
"SyntaxError: JSON.parse: unexpected end of data at line 1 column 1 of the JSON data"
(using jquery 1.11.0 and Firefox 31.0).

Best wishes
Kristian Kankainen

[1]: https://www.mediawiki.org/wiki/Manual:CORS
[2]: https://et.wikipedia.org/w/api.php

_______________________________________________
Mediawiki-api mailing list
Mediawiki-api@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
_______________________________________________
Mediawiki-api mailing list
Mediawiki-api@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api