On Mon, May 6, 2019 at 9:05 AM Brad Jorsch (Anomie) <bjorsch(a)wikimedia.org>
wrote:
On Mon, May 6, 2019 at 7:14 AM Egbe Eugene
<agboreugene(a)gmail.com> wrote:
After looking at [1]Manual:CORS and trying to
perform a request with
JQuery
from an external application, I still get the
error message saying
"Request
from origin has been blocked by CORS policy: No
'Access-Control-Allow-Origin' header is present on the requested
resource.
This is from a simple GET request to get imageinfo from Commons.
Without seeing the actual code you tried, I can only guess.
If you set the `origin` parameter to match the Origin header a browser
sends from your external site, and your external site is not listed in
$wgCrossSiteAJAXdomains,[1][2] the attempt to use CORS will be rejected. If
you inspect the response received, you should see a header
"MediaWiki-CORS-Rejection: Origin mismatch".
If you didn't set the `origin` parameter to so match, but just copied the
example at Manual:CORS, you should have received an HTTP 403 with a message
"'origin' parameter does not match Origin header".
If you set the `origin` parameter to "*" (that's the single character
U+002A) and set withCredentials = false in jQuery's xhrFields, it should
work from any remote site. But since cookies are neither being sent nor
used, the response will be served to you as an IP user. The code for that
could look something like this:
$.ajax( {
url: 'https://en.wikipedia.org/w/api.php',
data: {
action: 'query',
meta: 'userinfo',
format: 'json',
origin: '*'
},
xhrFields: {
withCredentials: false
},
dataType: 'json'
} ).done( function ( data ) {
console.log( 'Foreign user ' + data.query.userinfo.name + ' (ID ' +
data
.query.userinfo.id + ')' );
} );
It looks like
https://www.mediawiki.org/wiki/Manual:CORS could use
updating
to include the origin=* option, and perhaps to make it clearer that
logged-in accesses only work from whitelisted sites.
[1]: Docs:
https://www.mediawiki.org/wiki/Manual:$wgCrossSiteAJAXdomains
[2]: Config:
https://gerrit.wikimedia.org/r/plugins/gitiles/operations/mediawiki-config/…
--
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l