Hi. I'm trying to write JS code in my browser that will run a prototype Wikidata bot (written in Browser-side JS) that will use XMLHttpRequest() to login to WikiData via a Bot Password for the purposes of making an edit. I'm running into CORS issues.
If I disable CORS in my browser, I can POST with:
?action=login&format=json&lgname=BOTNAME&lgpassword=BOTPASSWORD' and I
successfully get a login token.
However, if I don't disable CORS, my browser errors with:
'XMLHttpRequest cannot load https://www.wikidata.org/w/api.php. Origin
http://localhost:8080 is not allowed by Access-Control-Allow-Origin’
Note that the same request that fails in the browser works fine with ‘curl’.
I’ve tried adding ‘origin=*’. I’ve toggled withCredentials, and I’ve tried a
variety of combinations of these.
I’m wondering if it is even possible to have a webpage that can obtain login
access (via bot user/pw), and make WikiData edits. I know that the rest of the
Wiki sites can uses CORS between each other, because they are whitelisted. My
site is not on the whitelist, and it shouldn’t be.
An even simpler request that fails is this:
https://www.wikidata.org/w/api.php?action=query&format=json&meta=tokens
It works when I disable CORS in the browser, but fails with the same error as
above (remember, this is XMLHttpRequest, not just typing into the URL field).
I want to avoid writing server code just to defeat the browser’s CORS
protection.
Thanks for any help you can provide,
Dan
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
