EBernhardson added a comment.
After reviewing mdn's CORS docs and stack overflow posts about redirect based auth combined with xmlhttprequest, I'm not finding a simple way to do this that avoids changing the application. I suspect we will need some sort of hook or support within the javascript application for this use case. In particular one way forward is: - Adjust the backend to return errors to XMLHttpRequest instead of doing the redirect bounce. The standard way would be returning 401 Not Authorized. Some online solutions always return a 2xx and embed this into the json, but i would prefer to avoid changing the responses as much as possible. - Adjust the frontend to recognize the failed auth and refresh the page. As long as the auth is non-interactive (mediawiki doesn't ask them to login) it should preserve the users previous query. If mediawiki does ask them to login the query (stored in the url fragment) will likely be lost. - This might be doable through `jQuery.ajaxSetup` by having it perform a pre-check but that would introduce additional round-trip latency. - Integrating more directly with the code that handles the response in the UI would allow for more direct handling, but would need to involve WMDE approving, or possibly even writing, the changes TASK DETAIL https://phabricator.wikimedia.org/T301650 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: EBernhardson Cc: EBernhardson, Zbyszko, Aklapper, Dominicbm, karapayneWMDE, Invadibot, MPhamWMF, maantietaja, FRomeo_WMF, CBogen, Nintendofan885, Akuckartz, Nandana, JKSTNK, Namenlos314, Lahi, Gq86, Lucas_Werkmeister_WMDE, GoranSMilovanovic, QZanden, EBjune, merbst, LawExplorer, _jensen, rosalieper, Scott_WUaS, Jonas, Xmlizer, jkroll, Wikidata-bugs, Jdouglas, aude, Tobias1984, Manybubbles, Lydia_Pintscher, Mbch331
_______________________________________________ Wikidata-bugs mailing list -- wikidata-bugs@lists.wikimedia.org To unsubscribe send an email to wikidata-bugs-le...@lists.wikimedia.org