Hello!
Thank you for both replies. The problem has thus for me been that I
didn't understand the difference between "inter-wikimedia" API CORS
usage and pure plain "anonymous guest" usage with JSONP. Maybe this
should be mentioned in the API documentation? I think many outside users
have dealt with it since there are many threads on Stack Overflow.
Probably the best place would be in the API:Main_page page's
Introduction or Getting started section. The difference could be stated
as "inter-wikimedia sites as defined in $wgCrossSiteAJAXdomains" and
"outside guest usage". The API:Main_page mentions bots and client
programs as potential users, but doesn't mention the relevant origin
restrictions.
I understand that the The API:Cross-site_requests page tries to make
this distinction between them, but at the time I bumped into it, I
allready thought that it's just a matter of taste and not a matter of
origin [of the request]. The API:Cross-site_requests page could link to
two code snippets, the Manual:CORS (now wrongly linked under "See also"
section, as it would apply to both) and also a modified snippet for
JSONP usage. I attach a simple example down below.
That said, my problem was getting a truly cross-site request to work (as
not listed in $wgCrossSiteAJAXdomains).
The problem with using $.getJSON() as suggested by Magnus, is that I
can't set the necessary headers and thus comply with the API usage best
practices.
What was needed for getting $.ajax() to work for me, was to set the
dataType parameter to 'jsonp' (just adding the string 'callback=?' to
the url or data doesn't do the magic as it does when using $.getJSON())
and setting cache to true.
Strangely enough, HTTP Origin is not sent for me, thus I cannot send
'origin' to the API. I get a mismatch back from the API if I send it,
but succeeds if I don't send it. I don't know HTTP, so I don't know why
this happens.
The code I ended up with was (although this doesn't reflect the
parameters needed for complyfng to best practices and API etiquette):
$.ajax( {
'url': 'https://en.wikipedia.org/w/api.php',
'data': {
'action': 'query',
'meta': 'userinfo',
'format': 'json',
'origin': location.window // depends on whether HTTP Origin
header is sent or not
},
'xhrFields': {
'withCredentials': true
},
'success': function( data ) {
alert( 'Foreign user ' + data.query.userinfo.name +
' (ID ' + data.query.userinfo.id + ')' );
},
'dataType': 'jsonp',
'cache': true
} );
/* end of code snippet */
Best regards
Kristian K
01.09.2014 14:27, Magnus Manske kirjutas:
Try JSONP (add
"&callback=CALLBACKFUNCTION" to your URL; jQuery:
$.getJSON ( "URL&callback=?" will work)
On Mon, Sep 1, 2014 at 10:58 AM, Kristian Kankainen <kristian(a)eki.ee
<mailto:kristian@eki.ee>> wrote:
Hello!
Since I don't get even the simplest code snippet to work (e.g [1])
I want to ask a really simple question.
Am I allowed to query the Wikipedia API [2] from any domain if I
specify the 'origin' field to correspond my domain? Or is there a
whitelist with only perhaps all relevant WikiMedia sites blocking
me from this. I have tried more elaborate ajax script parameters
following all bot best practices but I get CORS blocked.
The code snippet mentioned above was modified only with "'origin':
location.origin" but I get the error:
"SyntaxError: JSON.parse: unexpected end of data at line 1 column
1 of the JSON data"
(using jquery 1.11.0 and Firefox 31.0).
Best wishes
Kristian Kankainen
[1]:
https://www.mediawiki.org/wiki/Manual:CORS
[2]:
https://et.wikipedia.org/w/api.php
_______________________________________________
Mediawiki-api mailing list
Mediawiki-api(a)lists.wikimedia.org
<mailto:Mediawiki-api@lists.wikimedia.org>
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
_______________________________________________
Mediawiki-api mailing list
Mediawiki-api(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api