Does the Wikipedia API support CORS or just JSONP?

This question is related to another question that was asked a year ago. The author asked how to make a cross-origin request using JavaScript and the Wikipedia API, and one comment was:

ru.wikipedia.org doesn't seem to allow CORS

and he was advised to use JSONP instead.

I know I can use JSONP, but I prefer CORS if I can use it.

I tried jsfiddle

    var url = "https://en.wikipedia.org/w/api.php?action=query&titles=Main%20Page&prop=revisions&rvprop=content&format=json";

    $.ajax({
        url: url,
        data: 'query',
        dataType: 'json',
        type: 'POST',
        headers: { 'Api-User-Agent': 'Example/1.0' },
        origin: 'https://jsfiddle.net/',
        success: function (data) {
            console.log(data);
            // do something with data
        }
    });

and get the following error:

XMLHttpRequest cannot load https://en.wikipedia.org/w/api.php?action=query&titles=Main%20Page&prop=revisions&rvprop=content&format=json. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://fiddle.jshell.net' is therefore not allowed access.

Request Header:

    authority:en.wikipedia.org
    method:OPTIONS
    path:/w/api.php?action=query&titles=Main%20Page&prop=revisions&rvprop=content&format=json
    scheme:https
    accept:*/*
    accept-encoding:gzip, deflate, sdch
    accept-language:en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4,fr-FR;q=0.2,ru;q=0.2,uk;q=0.2
    access-control-request-headers:accept, api-user-agent, content-type
    access-control-request-method:POST
    origin:https://fiddle.jshell.net
    referer:https://fiddle.jshell.net/_display/
    user-agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36

Response Header:

    accept-ranges:bytes
    age:0
    backend-timing:D=33198 t=1462749020308717
    cache-control:no-cache
    content-encoding:gzip
    content-length:20
    content-type:text/html
    date:Sun, 08 May 2016 23:10:20 GMT
    p3p:CP="This is not a P3P policy! See https://en.wikipedia.org/wiki/Special:CentralAutoLogin/P3P for more info."
    server:mw1114.eqiad.wmnet
    set-cookie:CP=H2; Path=/; secure
    set-cookie:GeoIP=US:MA:Waltham:42.37:-71.24:v4; Path=/; secure; Domain=.wikipedia.org
    set-cookie:WMF-Last-Access=08-May-2016;Path=/;HttpOnly;secure; Expires=Thu, 09 Jun 2016 12:00:00 GMT
    status:200
    strict-transport-security:max-age=31536000; includeSubDomains; preload
    vary:Accept-Encoding
    via:1.1 varnish, 1.1 varnish
    x-analytics:https=1;nocookies=1
    x-cache:cp1066 pass+chfp(0), cp1055 frontend pass+chfp(0)
    x-client-ip:146.115.167.51
    x-content-type-options:nosniff
    x-powered-by:HHVM/3.12.1
    x-varnish:2807049448, 2537048470

So, I need confirmation that CORS does not work for the Wikipedia API, and I need to use JSONP.

+6
1 answer

To make JavaScript Fetch / XHR requests to Wikipedia, add origin=* to the URL query parameters.

So, the base URL in the question should look something like this:

 https://en.wikipedia.org/w/api.php?origin=*&action=query… 

See the CORS-related docs for the Wikipedia backend:

For anonymous queries, the origin query string parameter can be set to *, which will allow queries from anywhere.


2016-05-09 original answer

See "Include cross-domain API API requests in JSON API responses", an open bug for Wikimedia sites that indicates that they currently only support CORS requests from different Wikimedia sites to other Wikimedia sites, but they do not support CORS requests from external sites.

See, in particular, https://phabricator.wikimedia.org/T62835#2191138 (as of April 8, 2016), which is a summary that indicates that they are considering making changes to allow CORS requests from external sites, but they haven't turned it on yet.

Update 2016-07-12

It seems they will deploy CORS support today:

unauthorized cross-domain API requests are now possible. This one should be deployed to WMF wikis with 1.128.0-wmf.10, see https://www.mediawiki.org/wiki/MediaWiki_1.28/Roadmap for a schedule

https://www.mediawiki.org/wiki/MediaWiki_1.28/Roadmap indicates that the deployment dates for 1.128.0-wmf.10 are from July 12, 2016 to July 14, 2016.

2016-08-05 update

As torvin notes in the comment below:

in order to trigger a new behavior, you need to specify origin=* in the url parameters. It is currently buried in a discussion of T62835 and is not listed in the documentation.

+11
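
The failure in the question and the fix in the answer, modelled as an added example (not code from the original post): a simplified version of the browser's preflight decision and access control check. The function names and the sample response carrying `access-control-allow-origin: *` are assumptions constructed for illustration.

```javascript
// Added example: simplified model of the browser's CORS decisions (Fetch spec).
// Value-length limits and the Range header rules of the spec are left out.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);

// True when the browser must send an OPTIONS preflight before the real request.
function needsPreflight(method, headers = {}) {
  if (!SAFE_METHODS.has(method.toUpperCase())) return true;
  return Object.entries(headers).some(([name, value]) => {
    const n = name.toLowerCase();
    if (n === "content-type") {
      return !SAFE_CONTENT_TYPES.has(value.split(";")[0].trim().toLowerCase());
    }
    return !SAFE_HEADERS.has(n);
  });
}

// The check applied to a response or preflight response (header names lowercased).
function passesCorsCheck(responseHeaders, origin, withCredentials = false) {
  const allow = responseHeaders["access-control-allow-origin"];
  if (allow === undefined) return false;       // the error seen in the question
  if (allow === "*") return !withCredentials;  // wildcard is anonymous-only
  if (allow !== origin) return false;
  return !withCredentials ||
    responseHeaders["access-control-allow-credentials"] === "true";
}

// Anonymous API URL with origin=*, as the answer describes.
function anonymousApiUrl(base, params) {
  const url = new URL(base);
  url.search = new URLSearchParams({ origin: "*", ...params }).toString();
  return url.toString();
}

const ORIGIN = "https://fiddle.jshell.net";
// Subset of the preflight response headers shown in the question.
const QUESTION_RESPONSE = { "content-type": "text/html", "x-content-type-options": "nosniff" };
// Constructed sample (assumption): response to a request carrying origin=*.
const WILDCARD_RESPONSE = { "access-control-allow-origin": "*" };

console.log(needsPreflight("POST", { "Api-User-Agent": "Example/1.0" }));
console.log(passesCorsCheck(QUESTION_RESPONSE, ORIGIN));
console.log(needsPreflight("GET"));
console.log(passesCorsCheck(WILDCARD_RESPONSE, ORIGIN));
console.log(passesCorsCheck(WILDCARD_RESPONSE, ORIGIN, true));
console.log(anonymousApiUrl("https://en.wikipedia.org/w/api.php", { action: "query", format: "json" }));
```

The last `passesCorsCheck` call shows why `origin=*` only suits anonymous queries: a browser rejects a wildcard `Access-Control-Allow-Origin` when the request is sent with credentials.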