VirginiaPoundstone removed a project: API Platform.
TASK DETAIL
https://phabricator.wikimedia.org/T323615
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: VirginiaPoundstone
Cc: JeanFred, Lucas_Werkmeister_WMDE, Aklapper, RPI2026F1, Astuthiodit_1,
RPI2026F1 added a comment.
If that is the case, then MW isn't even looking at the Authorization header
is `origin=*`,
TASK DETAIL
https://phabricator.wikimedia.org/T323615
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: RPI2026F1
Cc:
Lucas_Werkmeister_WMDE added a comment.
Yes, I was hoping that `origin=*` might still support authenticated requests
with an `Authorization` header. But it looks like it doesn’t work:
`$AllowedCorsHeaders` doesn’t include `Authorization` by default; and even if I
added it locally, the
RPI2026F1 added a comment.
It works for unauthenticated requests. My problem is that I need to be able
to make authenticated requests since the tool writes information back to
Wikidata.
TASK DETAIL
https://phabricator.wikimedia.org/T323615
EMAIL PREFERENCES
Lucas_Werkmeister_WMDE added a comment.
Have you tried setting the `origin` URL parameter to `*` instead? (I don’t
know if the `Authorization` header still works in that case, but that should at
least send CORS headers.)
TASK DETAIL
https://phabricator.wikimedia.org/T323615
EMAIL
RPI2026F1 added a comment.
I had to add these headers with a browser plugin:
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: PUT, GET, HEAD, POST, DELETE, OPTIONS
access-control-allow-origin: http://localhost:16000
I
RPI2026F1 created this task.
RPI2026F1 added projects: Wikidata, API Platform.
Restricted Application added a subscriber: Aklapper.
TASK DESCRIPTION
I am trying to make an OAuth2-authenticated request on Wikidata from an SPA
on a localhost web client. However, I keep on running into CORS