Menu
This question related to another question, which was asked year ago. Author asked how to make cros-origin request using JavaScript and Wikipedia API and one comment was:
en.wikipedia.org doesn't seem to allow CORS
and he was advised to use JSONP instead.
I know I can use JSONP, but I prefer CORS if I can use it.
I tried on jsfiddle
var url = "https://en.wikipedia.org/w/api.php?action=query&titles=Main%20Page&prop=revisions&rvprop=content&format=json";
$.ajax({
url: url,
data: 'query',
dataType: 'json',
type: 'POST',
headers: { 'Api-User-Agent': 'Example/1.0' },
origin: 'https://jsfiddle.net/',
success: function (data) {
console.log(data);
//do something with data
}});
and get the following error:
XMLHttpRequest cannot load https://en.wikipedia.org/w/api.php?action=query&titles=Main%20Page&prop=revisions&rvprop=content&format=json. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://fiddle.jshell.net' is therefore not allowed access.
Request Header:
authority:en.wikipedia.org
method:OPTIONS
path:/w/api.php?action=query&titles=Main%20Page&prop=revisions&rvprop=content&format=json
scheme:https
accept:/
accept-encoding:gzip, deflate, sdch
accept-language:en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4,fr-FR;q=0.2,ru;q=0.2,uk;q=0.2
access-control-request-headers:accept, api-user-agent, content-type
access-control-request-method:POST
origin:https://fiddle.jshell.net
referer:https://fiddle.jshell.net/_display/
user-agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36
Response Header:
accept-ranges:bytes
age:0
backend-timing:D=33198 t=1462749020308717
cache-control:no-cache
content-encoding:gzip
content-length:20
content-type:text/html
date:Sun, 08 May 2016 23:10:20 GMT
p3p:CP="This is not a P3P policy! See https://en.wikipedia.org/wiki/Special:CentralAutoLogin/P3P for more info."
server:mw1114.eqiad.wmnet
set-cookie:CP=H2; Path=/; secure
set-cookie:GeoIP=US:MA:Waltham:42.37:-71.24:v4; Path=/; secure; Domain=.wikipedia.org
set-cookie:WMF-Last-Access=08-May-2016;Path=/;HttpOnly;secure;
Expires=Thu, 09 Jun 2016 12:00:00 GMT
status:200
strict-transport-security:max-age=31536000; includeSubDomains; preload
vary:Accept-Encoding
via:1.1 varnish, 1.1 varnish
x-analytics:https=1;nocookies=1
x-cache:cp1066 pass+chfp(0), cp1055 frontend pass+chfp(0)
x-client-ip:146.115.167.51
x-content-type-options:nosniff
x-powered-by:HHVM/3.12.1
x-varnish:2807049448, 2537048470
So, I need confirmation that CORS doesn't work for Wikipedia API and I need use JSONP.
435
CORS can be used as a modern alternative to the JSONP pattern. The benefits of CORS are: While JSONP supports only the GET request method, CORS also supports other types of HTTP requests.
As of August 2016, Wikipedia supports CORS requests by using the normal Ajax requests (no need of JSONP/callback manipulation). This can be done by setting the origin in the API call.
In an HTML page, a <script> tag does not check for cross-origin requests and that’s where JSONP comes into action when requesting APIs over different origin. Consider the above endpoint xyz.com?wrap=myFunc that returns a JSONP response. If we embed the request in a script tag, we can get the data from different origin ...
This is JSONP as the response gets wrapped in a function which can be executed directly on the HTML page. In an HTML page, a <script> tag does not check for cross-origin requests and that’s where JSONP comes into action when requesting APIs over different origin.
To make JavaScript Fetch/XHR requests to Wikipedia, add origin=* to the URL query params.
So the base of the URL in the question should be like this:
https://en.wikipedia.org/w/api.php?origin=*&action=query…
See the CORS-related docs for the Wikipedia backend:
For anonymous requests,
originquery string parameter can be set to*which will allow requests from anywhere.
See “Enable cross-domain API requests in API's JSON responses”, an open bug for Wikimedia sites that indicates that they currently only support CORS requests from different Wikimedia sites themselves to other Wikimedia sites—but they do not support CORS requests from external sites.
See in particular https://phabricator.wikimedia.org/T62835#2191138 (from Apr 8, 2016) which is a summary that indicates they are considering to make a change to allow CORS request from external sites, but they have not yet enabled it.
It seems they will be deploying CORS support today:
unauthenticated cross-domain API requests are now possible. This should be deployed to WMF wikis with 1.128.0-wmf.10, see https://www.mediawiki.org/wiki/MediaWiki_1.28/Roadmap for the schedule
https://www.mediawiki.org/wiki/MediaWiki_1.28/Roadmap indicates the 1.128.0-wmf.10 deployment dates are 12 July 2016 to 14 July 2016.
As torvin notes in a comment below:
to trigger the new behaviour, you need to specify
origin=*in your url params. This is currently buried in the T62835 discussion and is not stated in the documentation yet.
118
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
