On 2013-03-22 5:22 PM, "MZMcBride" z@mzmcbride.com wrote:
Juliusz Gonera wrote:
We've been having a hard time making photo uploads work in MobileFrontend because of CentralAuth's third party cookies problem (we upload them from Wikipedia web site to Commons API). Apart from the newest Firefox [1,2], mobile Safari also doesn't accept third party cookies unless the domain has been visited and it already has at least one cookie set.
Even though we have probably found a solution for now, it's a very shaky and not elegant workaround which might stop working any time (if some detail of default browser cookie policy changes again) [3].
I came up with another idea of how this could be solved. The problem we have right now is that Commons is on a completely different domain than Wikipedia, so they can't share the login token cookie. However, we could set up alternative domains for Commons, such as commons.wikipedia.org, and then the cookie could be shared.
The only issue I see with this solution is that we would have to prevent messing up SEO (having multiple URLs pointing to the same resource). This, however, could be avoided by redirecting every non-API request to the main domain (commons.wikimedia.org) and only allowing API requests on alternative domains (which is what we use for photo uploads on mobile).
This obviously doesn't solve the broader problem of CentralAuth's common login being broken, but at least would allow easy communication between Commons and other projects. In my opinion this is the biggest problem right now. Users can probably live without being automatically logged in to other projects, but photo uploads on mobile are just broken when we can't use Commons API.
Please let me know what you think. Are there any other possible drawbacks of this solution that I missed?
[1] http://webpolicy.org/2013/02/22/the-new-firefox-cookie-policy/ [2]
https://developer.mozilla.org/en-US/docs/Site_Compatibility_for_Firefox_22
Hi Juliusz,
Please draft an RFC at https://www.mediawiki.org/wiki/RFC. :-)
commons.wikipedia.org already redirects to commons.wikimedia.org (for historical reasons, maybe), so that has to be considered. I think what you're proposing is also kind of confusing and I'm wondering if there aren't better ways to approach the problem.
A good RFC will lay out the underlying components in a "Background" section, the problem you're attempting to solve in a "Problem" section, and then offer possible solutions in a "Proposals" section. Variants on this also usually work.
MZMcBride
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Imo this sounds like a hacky solution. Also doesnt work for wikis that are not commons.
That said I don't have a better solution atm.
-bawolff