As a side note, chrome extensions can authorize a domain and use it as if they're requesting while on the site, it seems, to prevent cors errors.
https://developer.chrome.com/extensions/declare_permissions
That may require that your user login directly in Wikipedia rather than through your extension - but once the login is recognized, the API calls pass through without CORS issues, as long as you add the URL format to your permission declaration in the manifest.
I've created a small extension testing out some Echo functionality using exactly that. The API calls were successful, the only issue I had was that the user had to be logged into Wikipedia already.
This may not be a perfect solution, but it might save you the trouble of working with OAuth and doing the login yourself.
On Thu, Oct 27, 2016 at 2:34 PM, Gergo Tisza gtisza@wikimedia.org wrote:
On Wed, Oct 26, 2016 at 12:26 PM, Bartosz DziewoĆski matma.rex@gmail.com wrote:
Firstly, I'm afraid that page might not be up to date; there have been some changes to modernize the login API recently, and that page was last updated in 2013. The canonical documentation is < https://www.mediawiki.org/wiki/API:Login%3E (in English).
Secondly, login API is mostly intended for scripts running in the context of the wiki you want to log in to, not for scripts running on other pages or browser extensions. I'm not an expert on this, but I think you'll want to look into using OAuth: https://www.mediawiki.org/wiki/OAuth.
OAuth is unfortunately hard to do in a browser plugin, as its security relies on the assumption that the application secret is only known to the developer.
It's not easy to give useful advice without knowing what is it you are trying to build (see the XY problem - http://meta.stackexchange.com/questions/66377/what-is-the-xy-problem ) or at least why the CORS manual was not helpful. _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l