Difference between revisions of "CORS On Mediawiki API"

From PKC
Jump to navigation Jump to search
Line 5: Line 5:
Mediawiki has its own implementation of CORS<ref>'''https://gerrit.wikimedia.org/r/c/mediawiki/core/+/9624/''',Change Request on CORS at Jul 06, 2012</ref> and its implemented inside file '''includes/api/ApiMain.php'''. This implementation enable the Mediawiki site admin to put whitelist of the domains that allow to perform API function calls to Mediawiki API.
Mediawiki has its own implementation of CORS<ref>'''https://gerrit.wikimedia.org/r/c/mediawiki/core/+/9624/''',Change Request on CORS at Jul 06, 2012</ref> and its implemented inside file '''includes/api/ApiMain.php'''. This implementation enable the Mediawiki site admin to put whitelist of the domains that allow to perform API function calls to Mediawiki API.
==How to configure==
==How to configure==
The CORS implementation is included on Mediawiki standard installation, required no additional extensions. First, we need to put '''$wgCrossSiteAJAXdomains''' entry on LocalSettings.php. The parameter can take single entry or array of string. All the entry in this parameter is the whitelist domain. The whitelist domain is needed to implemented in PKC's implementation to enable API Function Calls from other micro services. Below is the entry in LocalSettings.php
<syntaxhighlight lang=php>
// Single Entry example
$wgCrossSiteAJAXdomains[] = '*.wikipedia.org';
// Multiple entry
$wgCrossSiteAJAXdomains = [
    'your.first.domain',
    'your.second.domain',
    'your.third.domain'
];
</syntaxhighlight>
Then, Mediawiki API will add HTTP Header Response, in preflight or POST, to allow browser using Cross-Origin-Resource-Sharing.
==Sample API Calls==
==Sample API Calls==

Revision as of 17:10, 11 August 2022

Introduction on CORS

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served[1]. The mechanism is implemented on browser-side or client-side, in which the controlling variables is implemented based on client request header and server response header. This mechanism is implemented on various mobile and desktop browser.[2][3]Prior to CORS Implementation, cross-site browser request is not allowed.

CORS Implementation on Mediawiki API

Mediawiki has its own implementation of CORS[4] and its implemented inside file includes/api/ApiMain.php. This implementation enable the Mediawiki site admin to put whitelist of the domains that allow to perform API function calls to Mediawiki API.

How to configure

The CORS implementation is included on Mediawiki standard installation, required no additional extensions. First, we need to put $wgCrossSiteAJAXdomains entry on LocalSettings.php. The parameter can take single entry or array of string. All the entry in this parameter is the whitelist domain. The whitelist domain is needed to implemented in PKC's implementation to enable API Function Calls from other micro services. Below is the entry in LocalSettings.php

// Single Entry example
$wgCrossSiteAJAXdomains[] = '*.wikipedia.org';

// Multiple entry
$wgCrossSiteAJAXdomains = [
    'your.first.domain',
    'your.second.domain',
    'your.third.domain'
];

Then, Mediawiki API will add HTTP Header Response, in preflight or POST, to allow browser using Cross-Origin-Resource-Sharing.

Sample API Calls