Wikipedia API 支持 CORS 还是只支持 JSONP?
Does Wikipedia API support CORS or only JSONP available?
这个问题与一年前提出的 another question 有关。作者询问如何使用 JavaScript 和维基百科 API 提出 cros-origin 请求,一条评论是:
en.wikipedia.org doesn't seem to allow CORS
并建议他改用 JSONP。
我知道我可以使用 JSONP,但如果可以的话,我更喜欢 CORS。
我试穿了 jsfiddle
var url = "https://en.wikipedia.org/w/api.php?action=query&titles=Main%20Page&prop=revisions&rvprop=content&format=json";
$.ajax({
url: url,
data: 'query',
dataType: 'json',
type: 'POST',
headers: { 'Api-User-Agent': 'Example/1.0' },
origin: 'https://jsfiddle.net/',
success: function (data) {
console.log(data);
//do something with data
}});
并得到以下错误:
XMLHttpRequest cannot load
https://en.wikipedia.org/w/api.php?action=query&titles=Main%20Page&prop=revisions&rvprop=content&format=json.
Response to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'https://fiddle.jshell.net' is therefore not allowed
access.
请求Header:
authority:en.wikipedia.org
method:OPTIONS
path:/w/api.php?action=query&titles=Main%20Page&prop=revisions&rvprop=content&format=json
scheme:https
accept:/
accept-encoding:gzip, deflate, sdch
accept-language:en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4,fr-FR;q=0.2,ru;q=0.2,uk;q=0.2
access-control-request-headers:accept, api-user-agent, content-type
access-control-request-method:POST
origin:https://fiddle.jshell.net
referer:https://fiddle.jshell.net/_display/
user-agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36
响应Header:
accept-ranges:bytes
age:0
backend-timing:D=33198 t=1462749020308717
cache-control:no-cache
content-encoding:gzip
content-length:20
content-type:text/html
date:Sun, 08 May 2016 23:10:20 GMT
p3p:CP="This is not a P3P policy! See https://en.wikipedia.org/wiki/Special:CentralAutoLogin/P3P for more info."
server:mw1114.eqiad.wmnet
set-cookie:CP=H2; Path=/; secure
set-cookie:GeoIP=US:MA:Waltham:42.37:-71.24:v4; Path=/; secure; Domain=.wikipedia.org
set-cookie:WMF-Last-Access=08-May-2016;Path=/;HttpOnly;secure;
Expires=Thu, 09 Jun 2016 12:00:00 GMT
status:200
strict-transport-security:max-age=31536000; includeSubDomains; preload
vary:Accept-Encoding
via:1.1 varnish, 1.1 varnish
x-analytics:https=1;nocookies=1
x-cache:cp1066 pass+chfp(0), cp1055 frontend pass+chfp(0)
x-client-ip:146.115.167.51
x-content-type-options:nosniff
x-powered-by:HHVM/3.12.1
x-varnish:2807049448, 2537048470
因此,我需要确认 CORS 不适用于 Wikipedia API 并且我需要使用 JSONP。
要向维基百科发出 JavaScript Fetch/XHR 请求,请将 origin=* 添加到 URL 查询参数。
所以问题中URL的底数应该是这样的:
https://en.wikipedia.org/w/api.php?origin=*&action=query…
见the CORS-related docs for the Wikipedia backend:
For anonymous requests, origin query string parameter can be set to * which will allow requests from anywhere.
2016-05-09原回答
请参阅 “Enable cross-domain API requests in API's JSON responses”,这是维基媒体网站的一个开放错误,表明它们目前仅支持从不同维基媒体网站本身到其他维基媒体网站的 CORS 请求,但它们不支持来自外部网站的 CORS 请求。
请特别参阅 https://phabricator.wikimedia.org/T62835#2191138(自 2016 年 4 月 8 日起),这是一个摘要,表明他们正在考虑进行更改以允许来自外部站点的 CORS 请求,但他们尚未启用它。
2016-07-12更新
看来他们会是 deploying CORS support today:
unauthenticated cross-domain API requests are now possible. This
should be deployed to WMF wikis with 1.128.0-wmf.10, see
https://www.mediawiki.org/wiki/MediaWiki_1.28/Roadmap for the schedule
https://www.mediawiki.org/wiki/MediaWiki_1.28/Roadmap 表示 1.128.0-wmf.10 部署日期为 2016 年 7 月 12 日至 2016 年 7 月 14 日。
2016-08-05更新
作为torvin notes :
to trigger the new behaviour, you need to specify origin=* in your url params. This is currently buried in the T62835 discussion and is not stated in the documentation yet.
这个问题与一年前提出的 another question 有关。作者询问如何使用 JavaScript 和维基百科 API 提出 cros-origin 请求,一条评论是:
en.wikipedia.org doesn't seem to allow CORS
并建议他改用 JSONP。
我知道我可以使用 JSONP,但如果可以的话,我更喜欢 CORS。
我试穿了 jsfiddle
var url = "https://en.wikipedia.org/w/api.php?action=query&titles=Main%20Page&prop=revisions&rvprop=content&format=json";
$.ajax({
url: url,
data: 'query',
dataType: 'json',
type: 'POST',
headers: { 'Api-User-Agent': 'Example/1.0' },
origin: 'https://jsfiddle.net/',
success: function (data) {
console.log(data);
//do something with data
}});
并得到以下错误:
XMLHttpRequest cannot load https://en.wikipedia.org/w/api.php?action=query&titles=Main%20Page&prop=revisions&rvprop=content&format=json. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://fiddle.jshell.net' is therefore not allowed access.
请求Header:
authority:en.wikipedia.org
method:OPTIONS
path:/w/api.php?action=query&titles=Main%20Page&prop=revisions&rvprop=content&format=json
scheme:https
accept:/
accept-encoding:gzip, deflate, sdch
accept-language:en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4,fr-FR;q=0.2,ru;q=0.2,uk;q=0.2
access-control-request-headers:accept, api-user-agent, content-type
access-control-request-method:POST
origin:https://fiddle.jshell.net
referer:https://fiddle.jshell.net/_display/
user-agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36
响应Header:
accept-ranges:bytes
age:0
backend-timing:D=33198 t=1462749020308717
cache-control:no-cache
content-encoding:gzip
content-length:20
content-type:text/html
date:Sun, 08 May 2016 23:10:20 GMT
p3p:CP="This is not a P3P policy! See https://en.wikipedia.org/wiki/Special:CentralAutoLogin/P3P for more info."
server:mw1114.eqiad.wmnet
set-cookie:CP=H2; Path=/; secure
set-cookie:GeoIP=US:MA:Waltham:42.37:-71.24:v4; Path=/; secure; Domain=.wikipedia.org
set-cookie:WMF-Last-Access=08-May-2016;Path=/;HttpOnly;secure;
Expires=Thu, 09 Jun 2016 12:00:00 GMT
status:200
strict-transport-security:max-age=31536000; includeSubDomains; preload
vary:Accept-Encoding
via:1.1 varnish, 1.1 varnish
x-analytics:https=1;nocookies=1
x-cache:cp1066 pass+chfp(0), cp1055 frontend pass+chfp(0)
x-client-ip:146.115.167.51
x-content-type-options:nosniff
x-powered-by:HHVM/3.12.1
x-varnish:2807049448, 2537048470
因此,我需要确认 CORS 不适用于 Wikipedia API 并且我需要使用 JSONP。
要向维基百科发出 JavaScript Fetch/XHR 请求,请将 origin=* 添加到 URL 查询参数。
所以问题中URL的底数应该是这样的:
https://en.wikipedia.org/w/api.php?origin=*&action=query…
见the CORS-related docs for the Wikipedia backend:
For anonymous requests,
originquery string parameter can be set to*which will allow requests from anywhere.
2016-05-09原回答
请参阅 “Enable cross-domain API requests in API's JSON responses”,这是维基媒体网站的一个开放错误,表明它们目前仅支持从不同维基媒体网站本身到其他维基媒体网站的 CORS 请求,但它们不支持来自外部网站的 CORS 请求。
请特别参阅 https://phabricator.wikimedia.org/T62835#2191138(自 2016 年 4 月 8 日起),这是一个摘要,表明他们正在考虑进行更改以允许来自外部站点的 CORS 请求,但他们尚未启用它。
2016-07-12更新
看来他们会是 deploying CORS support today:
unauthenticated cross-domain API requests are now possible. This should be deployed to WMF wikis with 1.128.0-wmf.10, see https://www.mediawiki.org/wiki/MediaWiki_1.28/Roadmap for the schedule
https://www.mediawiki.org/wiki/MediaWiki_1.28/Roadmap 表示 1.128.0-wmf.10 部署日期为 2016 年 7 月 12 日至 2016 年 7 月 14 日。
2016-08-05更新
作为torvin notes
to trigger the new behaviour, you need to specify
origin=*in your url params. This is currently buried in the T62835 discussion and is not stated in the documentation yet.