Hello!

Thank you for both replies. The problem has thus for me been that I didn't understand the difference between "inter-wikimedia" API CORS usage and pure plain "anonymous guest" usage with JSONP. Maybe this should be mentioned in the API documentation? I think many outside users have dealt with it since there are many threads on Stack Overflow.

Probably the best place would be in the API:Main_page page's Introduction or Getting started section. The difference could be stated as "inter-wikimedia sites as defined in $wgCrossSiteAJAXdomains" and "outside guest usage". The API:Main_page mentions bots and client programs as potential users, but doesn't mention the relevant origin restrictions.

I understand that the The API:Cross-site_requests page tries to make this distinction between them, but at the time I bumped into it, I allready thought that it's just a matter of taste and not a matter of origin [of the request]. The API:Cross-site_requests page could link to two code snippets, the Manual:CORS (now wrongly linked under "See also" section, as it would apply to both) and also a modified snippet for JSONP usage. I attach a simple example down below.

That said, my problem was getting a truly cross-site request to work (as not listed in $wgCrossSiteAJAXdomains).

The problem with using $.getJSON() as suggested by Magnus, is that I can't set the necessary headers and thus comply with the API usage best practices.

What was needed for getting $.ajax() to work for me, was to set the dataType parameter to 'jsonp' (just adding the string 'callback=?' to the url or data doesn't do the magic as it does when using $.getJSON()) and setting cache to true. Strangely enough, HTTP Origin is not sent for me, thus I cannot send 'origin' to the API. I get a mismatch back from the API if I send it, but succeeds if I don't send it. I don't know HTTP, so I don't know why this happens.

The code I ended up with was (although this doesn't reflect the parameters needed for complyfng to best practices and API etiquette):

$.ajax( { 'url': 'https://en.wikipedia.org/w/api.php', 'data': { 'action': 'query', 'meta': 'userinfo', 'format': 'json', 'origin': location.window // depends on whether HTTP Origin header is sent or not }, 'xhrFields': { 'withCredentials': true }, 'success': function( data ) { alert( 'Foreign user ' + data.query.userinfo.name + ' (ID ' + data.query.userinfo.id + ')' ); }, 'dataType': 'jsonp', 'cache': true } ); /* end of code snippet */

Best regards Kristian K

01.09.2014 14:27, Magnus Manske kirjutas:

Try JSONP (add "&callback=CALLBACKFUNCTION" to your URL; jQuery: $.getJSON ( "URL&callback=?" will work)

On Mon, Sep 1, 2014 at 10:58 AM, Kristian Kankainen <kristian@eki.ee mailto:kristian@eki.ee> wrote:

Hello!

Since I don't get even the simplest code snippet to work (e.g [1])
I want to ask a really simple question.

Am I allowed to query the Wikipedia API [2] from any domain if I
specify the 'origin' field to correspond my domain? Or is there a
whitelist with only perhaps all relevant WikiMedia sites blocking
me from this. I have tried more elaborate ajax script parameters
following all bot best practices but I get CORS blocked.

The code snippet mentioned above was modified only with "'origin':
location.origin" but I get the error:
"SyntaxError: JSON.parse: unexpected end of data at line 1 column
1 of the JSON data"
(using jquery 1.11.0 and Firefox 31.0).

Best wishes
Kristian Kankainen

[1]: https://www.mediawiki.org/wiki/Manual:CORS
[2]: https://et.wikipedia.org/w/api.php

_______________________________________________
Mediawiki-api mailing list
Mediawiki-api@lists.wikimedia.org
<mailto:Mediawiki-api@lists.wikimedia.org>
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api

---

Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api