+ops
On Thu, Mar 21, 2013 at 8:20 AM, Juliusz Gonera <jgonera(a)wikimedia.org>wrote;wrote:
We've been having a hard time making photo uploads
work in
MobileFrontend because of CentralAuth's third party cookies problem (we
upload them from Wikipedia web site to Commons API). Apart from the
newest Firefox [1,2], mobile Safari also doesn't accept third party
cookies unless the domain has been visited and it already has at least
one cookie set.
Even though we have probably found a solution for now, it's a very shaky
and not elegant workaround which might stop working any time (if some
detail of default browser cookie policy changes again) [3].
I came up with another idea of how this could be solved. The problem we
have right now is that Commons is on a completely different domain than
Wikipedia, so they can't share the login token cookie. However, we could
set up alternative domains for Commons, such as
commons.wikipedia.org,
and then the cookie could be shared.
The only issue I see with this solution is that we would have to
prevent messing up SEO (having multiple URLs pointing to the same
resource). This, however, could be avoided by redirecting every
non-API request to the main domain (
commons.wikimedia.org) and only
allowing API requests on alternative domains (which is what we use for
photo uploads on mobile).
This obviously doesn't solve the broader problem of CentralAuth's common
login being broken, but at least would allow easy communication between
Commons and other projects. In my opinion this is the biggest problem
right now. Users can probably live without being automatically logged in
to other projects, but photo uploads on mobile are just broken when we
can't use Commons API.
Please let me know what you think. Are there any other possible
drawbacks of this solution that I missed?
[1]
http://webpolicy.org/2013/02/**22/the-new-firefox-cookie-**policy/<http:…
[2]
https://developer.mozilla.org/**en-US/docs/Site_Compatibility_**
for_Firefox_22<https://developer.mozilla.org/en-US/docs/Site_Compatibili…
[3]
https://gerrit.wikimedia.org/**r/#/c/54813/<https://gerrit.wikimedia.org…
--
Juliusz
______________________________**_________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/**mailman/listinfo/wikitech-l<https://lists.…
--
Arthur Richards
Software Engineer, Mobile
[[User:Awjrichards]]
IRC: awjr
+1-415-839-6885 x6687